[ MDVSA-2013:121 ] qemu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:121 http://www.mandriva.com/en/support/security/ ___ Package : qemu Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated qemu packages fix security vulnerability: A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest#039;s read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu (typically root), or to point to an attacker-readable file that could expose data from the guest to the attacker (CVE-2012-2652). A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host (CVE-2012-3515). It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default) (CVE-2012-6075). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0185 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0263 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0025 ___ Updated Packages: Mandriva Business Server 1/X86_64: 2077322ff415a0f63921650be5b4d7fa mbs1/x86_64/qemu-1.0-8.1.mbs1.x86_64.rpm a4741d08a3dedd1007296ac535ecce83 mbs1/x86_64/qemu-img-1.0-8.1.mbs1.x86_64.rpm 4e9cead8b0e57eec5c5e36abf0318efa mbs1/SRPMS/qemu-1.0-8.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVG5mqjQ0CJFipgRAvdbAKDuC2ZxrYAhBiDajUFvXh7qGODENACeLK+a A9jU52eEUkylFSSyud9MeM4= =RVuM -END PGP SIGNATURE-
[ MDVSA-2013:124 ] ruby
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:124 http://www.mandriva.com/en/support/security/ ___ Package : ruby Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated ruby packages fix security vulnerabilities: Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions (CVE-2012-4466, CVE-2012-4481). It was discovered that Ruby#039;s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory (CVE-2013-1821). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092 ___ Updated Packages: Mandriva Business Server 1/X86_64: eca1de4cfdf664a3df54083f7019eef6 mbs1/x86_64/ruby-1.8.7.p358-2.1.mbs1.x86_64.rpm 7f4d4820b8c8908e91be5cfcf4bf21ae mbs1/x86_64/ruby-devel-1.8.7.p358-2.1.mbs1.x86_64.rpm 80079bf97c8414ad733a275cabf3d5e5 mbs1/x86_64/ruby-doc-1.8.7.p358-2.1.mbs1.noarch.rpm 67f5798cb1e05bf34533e2b7a41c938e mbs1/x86_64/ruby-tk-1.8.7.p358-2.1.mbs1.x86_64.rpm b7c67e8c2262b2204aa8ad8a6d8b87a7 mbs1/SRPMS/ruby-1.8.7.p358-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVQ3mqjQ0CJFipgRAmjYAKCex0pXi2D17Z3HoCIHXvnw354ahQCggqMH oKDzlCLgd1lTDmakQaHLmrY= =/Y/M -END PGP SIGNATURE-
[ MDVSA-2013:126 ] snack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:126 http://www.mandriva.com/en/support/security/ ___ Package : snack Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated snack packages fix security vulnerability: Two vulnerabilities have been discovered in Snack Sound Toolkit, which are caused due to missing boundary checks in the GetWavHeader() function (generic/jkSoundFile.c) when parsing either format sub-chunks or unknown sub-chunks. This can be exploited to cause a heap-based buffer overflow via specially crafted WAV files with overly large chunk sizes specified (CVE-2012-6303). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0017 ___ Updated Packages: Mandriva Business Server 1/X86_64: cc5a34a07194a2d4f226de5b7f336c8c mbs1/x86_64/python-snack-2.2.10-11.1.mbs1.x86_64.rpm 6c10508707c1370f2ba84756c912e83b mbs1/x86_64/tcl-snack-2.2.10-11.1.mbs1.x86_64.rpm 834f2117e1251aa60d1aa7d8f95b2cec mbs1/SRPMS/snack-2.2.10-11.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVXnmqjQ0CJFipgRAv44AKDlIIT/dmXREry26hKVgp0lxm0rwwCfe5qu M2WU2CwSMDIxFHzcMJVBmoY= =mXBe -END PGP SIGNATURE-
[ MDVSA-2013:127 ] socat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:127 http://www.mandriva.com/en/support/security/ ___ Package : socat Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated socat package fixes security vulnerability: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address (CVE-2012-0219). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0138 ___ Updated Packages: Mandriva Business Server 1/X86_64: 5a8dd5f518aca22b6e299658accf3778 mbs1/x86_64/socat-1.7.2.1-1.mbs1.x86_64.rpm 8b0a1768c621c6195e21d17d37bac4d1 mbs1/SRPMS/socat-1.7.2.1-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVZkmqjQ0CJFipgRAgPYAJ0e+DI50NFImKY2ItZFqzTtguHBDwCdGdD/ JAv103bEeHWHBVxAbfqRYLw= =Y7C6 -END PGP SIGNATURE-
[ MDVSA-2013:128 ] squashfs-tools
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:128 http://www.mandriva.com/en/support/security/ ___ Package : squashfs-tools Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated squashfs-tools packages fix security vulnerabilities: remote arbitrary code execution via crafted list file (CVE-2012-4024). integer overflow in queue_init() may lead to abitrary code execution (CVE-2012-4025). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4025 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001 ___ Updated Packages: Mandriva Business Server 1/X86_64: b76bef9f418c3c90eaceca35874a3de0 mbs1/x86_64/squashfs-tools-4.2-3.1.mbs1.x86_64.rpm 94a5224fd4756c38b8c47e6c0bc22e97 mbs1/SRPMS/squashfs-tools-4.2-3.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVbnmqjQ0CJFipgRAqzKAJ9oDc9cFxGg5R2iGuqZdwutuemWzgCfRVDl 0Bz/c8pzh+xLEtLjPbSFi+U= =pr/w -END PGP SIGNATURE-
[ MDVSA-2013:129 ] squid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:129 http://www.mandriva.com/en/support/security/ ___ Package : squid Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated squid packages fix security vulnerability: Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests (CVE-2012-5643). It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack (CVE-2013-0189). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0189 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029 ___ Updated Packages: Mandriva Business Server 1/X86_64: 03f4a33d16e0ccb13c2b825fa9739e3c mbs1/x86_64/squid-3.1.19-5.2.mbs1.x86_64.rpm 0844295e6c832b20b53a89a6570bd632 mbs1/x86_64/squid-cachemgr-3.1.19-5.2.mbs1.x86_64.rpm 721e597deda6926578f64dd31b0df387 mbs1/SRPMS/squid-3.1.19-5.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVfUmqjQ0CJFipgRAnhlAJ9orRIWER7dyp+HiX7vCDKsHuQv9QCfXOiO vh6AUMKiHIKi6QunM9En6Yg= =RwvM -END PGP SIGNATURE-
[ MDVSA-2013:130 ] stunnel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:130 http://www.mandriva.com/en/support/security/ ___ Package : stunnel Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated stunnel packages fix security vulnerability: stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow (CVE-2013-1762). The updated packages also fixes the following: - move library subpackages back into main stunnel package - add a systemd unit file (partially fixing Bug 3951) - fix issues with stunnel.conf and stunnel.pem, with stunnel running in a chroot environment. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762 https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0196 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097 ___ Updated Packages: Mandriva Business Server 1/X86_64: 1eb5c58851d2856d80c28978b6df0516 mbs1/x86_64/stunnel-4.55-1.mbs1.x86_64.rpm e0e0026642bcceda874cdd2009d98dc1 mbs1/SRPMS/stunnel-4.55-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVkGmqjQ0CJFipgRAtUkAJ0dbe797LIDoeBbWqSFMz15TcYzYwCfV1bW ozPWY1ycQzwVqjwsrOqYXs8= =ZYA3 -END PGP SIGNATURE-
[ MDVSA-2013:131 ] taglib
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:131 http://www.mandriva.com/en/support/security/ ___ Package : taglib Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated taglib packages fix security vulnerabilities: taglib before 1.7.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file (CVE-2012-2396). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2396 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0116 ___ Updated Packages: Mandriva Business Server 1/X86_64: 9b0fb15d342f1baf6501284b25192ae0 mbs1/x86_64/lib64taglib1-1.7.2-1.mbs1.x86_64.rpm 8163792710ad8d17dad5b2ddeb030b10 mbs1/x86_64/lib64taglib_c0-1.7.2-1.mbs1.x86_64.rpm efbd43a7177be5c0c1bef15ea1dd98e7 mbs1/x86_64/lib64taglib-devel-1.7.2-1.mbs1.x86_64.rpm 64a4c120a7088efdc2ab11590874dada mbs1/SRPMS/taglib-1.7.2-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVlvmqjQ0CJFipgRAiJ2AKDU1KuM+VuBxT7v8W0XdYn9a4AnDQCgwDL4 sH9c2rA3kkKG74wkNEhI0sY= =Plu1 -END PGP SIGNATURE-
[ MDVSA-2013:132 ] tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:132 http://www.mandriva.com/en/support/security/ ___ Package : tor Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated tor package fixes security vulnerabilities: Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected (CVE-2011-2768). Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values (CVE-2011-2769). Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests (CVE-2012-3517). The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document (CVE-2012-3518). routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519). The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison (CVE-2012-4419). Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007). Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573). The version of Tor shipped in MBS1 did not have correctly formed systemd unit and thus failed to start. This updated version corrects this problem and restores working behaviour. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573 https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356 ___ Updated Packages: Mandriva Business Server 1/X86_64: 8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm 7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVsDmqjQ0CJFipgRAm9IAJ9tYUVrI7u2V+7yJGNLn2OVMdOzcACgyrhf PUIroe88x4NDpj7AUyd2YP8= =x4YG -END PGP SIGNATURE-
[ MDVSA-2013:133 ] usbmuxd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:133 http://www.mandriva.com/en/support/security/ ___ Package : usbmuxd Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated usbmuxd packages fix security vulnerability: It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the #039;usbmux#039; user (CVE-2012-0065). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228 ___ Updated Packages: Mandriva Business Server 1/X86_64: 98b47906fa5816c823043ddf9502ccd9 mbs1/x86_64/lib64usbmuxd1-1.0.7-3.1.mbs1.x86_64.rpm 5b1d14d3d61e526a8723e48d760e6c25 mbs1/x86_64/lib64usbmuxd-devel-1.0.7-3.1.mbs1.x86_64.rpm 71d043ba9ea7c4f78d7526ad8bdf1cb8 mbs1/x86_64/usbmuxd-1.0.7-3.1.mbs1.x86_64.rpm aa575ce62a21d528d5caba5144f21291 mbs1/SRPMS/usbmuxd-1.0.7-3.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVuDmqjQ0CJFipgRAnpDAKCsOJGpjtUYDIDQ4vtGbwB6z9lILgCgz5Je u7LMub+ZeoVcX0NtySE9UNE= =Rdju -END PGP SIGNATURE-
[ MDVSA-2013:134 ] viewvc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:134 http://www.mandriva.com/en/support/security/ ___ Package : viewvc Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated viewvc packages fix security vulnerabilities: complete authz support for remote SVN views (CVE-2012-3356). log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357). function name lines returned by diff are not properly escaped, allowing attackers with commit access to perform cross site scripting (CVE-2012-4533). Several other bugs were fixed as well. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4533 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4533 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3357 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313 ___ Updated Packages: Mandriva Business Server 1/X86_64: d900d58ae8a5e685e8f27e9128fb729c mbs1/x86_64/viewvc-1.1.15-1.mbs1.noarch.rpm b698ff35163bcbf10395e045745cfa8d mbs1/SRPMS/viewvc-1.1.15-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZV9CmqjQ0CJFipgRAvPNAKDL0FC3Os70ufcLz/Nc/g+eqpwpewCg11YC aVLLi26g3LhesXY/86iTVJY= =1pQl -END PGP SIGNATURE-
[ MDVSA-2013:135 ] vte
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:135 http://www.mandriva.com/en/support/security/ ___ Package : vte Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated vte packages fix security vulnerability: A denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially-crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption (CVE-2012-2738). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0163 ___ Updated Packages: Mandriva Business Server 1/X86_64: 4566a8d789bd97a1878507939912f9f9 mbs1/x86_64/lib64vte9-0.28.2-5.1.mbs1.x86_64.rpm 27a8bd6e01a230a99b5129e8d74a0b95 mbs1/x86_64/lib64vte-devel-0.28.2-5.1.mbs1.x86_64.rpm c5b3588d6b7735ed816d609e0efa mbs1/x86_64/lib64vte-gir0.0-0.28.2-5.1.mbs1.x86_64.rpm 614f4e1a8e82320438efe99803ee3ad4 mbs1/x86_64/python-vte-0.28.2-5.1.mbs1.x86_64.rpm 8dc2b110ae5529d791e364b72f7f4ed1 mbs1/x86_64/vte-0.28.2-5.1.mbs1.x86_64.rpm e0ed7c26edf07e7a03821fc14c97da96 mbs1/SRPMS/vte-0.28.2-5.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZV+/mqjQ0CJFipgRAuAMAJ4g2+waHAG/kClKiAOpkPaR/EwJPACfS58b xtYHhE3BeYi3KuQu2HjgtSk= =VKKN -END PGP SIGNATURE-
[ MDVSA-2013:136 ] weechat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:136 http://www.mandriva.com/en/support/security/ ___ Package : weechat Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated weechat packages fix security vulnerability: A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem (CVE-2012-5854). Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself) (CVE-2012-5534). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5534 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347 ___ Updated Packages: Mandriva Business Server 1/X86_64: 29cd0165dfd3f68cbd329e08b1b513fe mbs1/x86_64/weechat-0.3.6-4.1.mbs1.x86_64.rpm 98b3e8a25ad514e848e15f4744e8ac87 mbs1/x86_64/weechat-aspell-0.3.6-4.1.mbs1.x86_64.rpm 3d597e868297a42d0fb6f9e147997a10 mbs1/x86_64/weechat-charset-0.3.6-4.1.mbs1.x86_64.rpm 5c3fa0e35821e150b9fa50ce865b5ee3 mbs1/x86_64/weechat-devel-0.3.6-4.1.mbs1.x86_64.rpm e3650996e7346c18c2cd696d64ab7e58 mbs1/x86_64/weechat-lua-0.3.6-4.1.mbs1.x86_64.rpm a90663aa7db4af600c85a65646bfc8e4 mbs1/x86_64/weechat-perl-0.3.6-4.1.mbs1.x86_64.rpm f8812edd47ce004d2c52b8710bc5c36b mbs1/x86_64/weechat-python-0.3.6-4.1.mbs1.x86_64.rpm a68490edca15eead4f90f6e83bbfc425 mbs1/x86_64/weechat-ruby-0.3.6-4.1.mbs1.x86_64.rpm 392f30dbeeea04fb69bf91c2b29de426 mbs1/x86_64/weechat-tcl-0.3.6-4.1.mbs1.x86_64.rpm ca70e70c8bd18b291dfb6eca55f6fa03 mbs1/SRPMS/weechat-0.3.6-4.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZWCWmqjQ0CJFipgRAsgMAKD2BONmiWlikc2+NoWx0DASuj8lxACgw0zq 2cUWyUaab1PLrbz9dlwRuMw= =JLR5 -END PGP SIGNATURE-
[ MDVSA-2013:137 ] wordpress
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:137 http://www.mandriva.com/en/support/security/ ___ Package : wordpress Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: This update provides WordPress 3.4.2, a maintenance and security release. ___ References: http://codex.wordpress.org/Version_3.4.1 http://codex.wordpress.org/Version_3.4.2 ___ Updated Packages: Mandriva Business Server 1/X86_64: 64998825efc75905c0972a74bf3c9206 mbs1/x86_64/wordpress-3.4.2-1.mbs1.noarch.rpm 611df695614c1c6941ac79dad656bcb0 mbs1/SRPMS/wordpress-3.4.2-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZWJxmqjQ0CJFipgRAsl5AJ9+j+HczWEPI3clCJ5g5rJdi33VyACcDcWB gyXHu/JgyytF/gMabzN62oU= =RY2y -END PGP SIGNATURE-
[ MDVSA-2013:138 ] x11-driver-video-qxl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:138 http://www.mandriva.com/en/support/security/ ___ Package : x11-driver-video-qxl Date: April 10, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated x11-driver-video-qxl package fixes security vulnerability: A flaw was found in the way the host#039;s qemu-kvm qxl driver and the guest#039;s X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to 1 in the guest), crash the guest (CVE-2013-0241). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0241 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036 ___ Updated Packages: Mandriva Business Server 1/X86_64: 45afe4e8c0274558fc1bc8c202115808 mbs1/x86_64/x11-driver-video-qxl-0.0.16-5.1.mbs1.x86_64.rpm 379d4bbc4a8c6a96c4b79448a3b522f5 mbs1/SRPMS/x11-driver-video-qxl-0.0.16-5.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZWL+mqjQ0CJFipgRArfFAKDwlEJ9IjBqQQ0AmDGXHSb+TkgncgCfR5Ta ux2yJaVNML1XMEIh6Ww+6WM= =mv0M -END PGP SIGNATURE-
Cisco Security Advisory: Cisco Prime Network Control Systems Database Default Credentials Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco Prime Network Control Systems Database Default Credentials Vulnerability Advisory ID: cisco-sa-20130410-ncs Revision 1.0 For Public Release 2013 April 10 16:00 UTC (GMT) +-- Summary === Cisco Prime Network Control System NCS appliances that are running software versions prior to 1.1.1.24 contain a database user account that is created with default credentials. An attacker could use this account to modify the configuration of the application or disrupt services. A software upgrade is required to resolve this vulnerability. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAlFlkSkACgkQUddfH3/BbTrRtQEAjKEfrZ4g2yWNSGLKq4eYQtGy +N+7Dea/oX5EQtOnnqEA/3h6A5A+RsvGrcVAse061dKJCwT0X2q3khD437CqSYZy =TLJ/ -END PGP SIGNATURE-
[SECURITY] [DSA 2659-1] libapache-mod-security security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2659-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq - - Package: libapache-mod-security Vulnerability : XML external entity processing vulnerability Problem type : remote Debian-specific: no CVE ID : CVE-2013-1915 Debian Bug : 704625 Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker, could lead to local file disclosure or excessive resources (CPU, memory) consumption when processed. This update introduces a SecXmlExternalEntity option which is 'Off' by default. This will disable the ability of libxml2 to load external entities. For the stable distribution (squeeze), this problem has been fixed in version 2.5.12-1+squeeze2. For the testing distribution (wheezy), this problem has been fixed in version 2.6.6-6 of the modsecurity-apache package. For the unstable distribution (sid), this problem has been fixed in version 2.6.6-6 of the modsecurity-package package. We recommend that you upgrade your libapache-mod-security packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJRZaYhAAoJEFb2GnlAHawEJcEH/jTa0h4YLeFM1Ethm17Xnspt krXt5vaRbuj1QauO/dPLpnSWDUDIESB3sdL/vxxUbRhFWIbGg2aQHreWFPxONBnk KzqYXefKhbMjJFRBTKZfv/9j0f2fHHy5xfvZjYPeISpCQVqfiD3bzETY0Z9mvq19 zbrgj9YXCIg6ZdnxF1Q3p0K3wx83uuUcFFk02PfYTtPO+hlzDjkNkq1vn2XKxlAc P1aWePly4Ii4DlFwnXaWGVzQiiosELd4aqQzZfqeRsSDbk+MBEwH9z/xyjrAsNOI s/Bvfk4Cxa0I6BqrIEqGcLPW0Gt3td9LdltGDSSD3SokpMUO7ANIrYHKHe+GKfA= =bgvz -END PGP SIGNATURE-
[ MDVSA-2013:141 ] libxslt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:141 http://www.mandriva.com/en/support/security/ ___ Package : libxslt Date: April 11, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated libxslt packages fix security vulnerability: Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service (CVE-2012-6139). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139 https://bugzilla.gnome.org/show_bug.cgi?id=685328 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107 ___ Updated Packages: Mandriva Enterprise Server 5: d9cc0579da4d136a0d062c1078fd108f mes5/i586/libxslt1-1.1.24-3.4mdvmes5.2.i586.rpm c9b06cef7d5a2668b413cd8c53e3613a mes5/i586/libxslt-devel-1.1.24-3.4mdvmes5.2.i586.rpm cdc0b9e7670d208f8d3d7735824860a9 mes5/i586/libxslt-proc-1.1.24-3.4mdvmes5.2.i586.rpm 30c4cab94e5d3e489ba71803824dfd69 mes5/i586/python-libxslt-1.1.24-3.4mdvmes5.2.i586.rpm 03c95e446be2399ee67962c751d2c279 mes5/SRPMS/libxslt-1.1.24-3.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: a0c13f507bcb015a466257020a2d8adc mes5/x86_64/lib64xslt1-1.1.24-3.4mdvmes5.2.x86_64.rpm 6619487f220f49565eb1e6960c5655aa mes5/x86_64/lib64xslt-devel-1.1.24-3.4mdvmes5.2.x86_64.rpm dd106118af9c87fb11e71b4ae463e647 mes5/x86_64/libxslt-proc-1.1.24-3.4mdvmes5.2.x86_64.rpm edced14e8d64ce6dffdc7b1650a6e5b3 mes5/x86_64/python-libxslt-1.1.24-3.4mdvmes5.2.x86_64.rpm 03c95e446be2399ee67962c751d2c279 mes5/SRPMS/libxslt-1.1.24-3.4mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: d16729cbfcb9dca701a747c4dc33d48f mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.3.mbs1.x86_64.rpm 01ce0c23bcccb4137dbba5e6d241fb55 mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.3.mbs1.x86_64.rpm 39f221d58e2a2f5e441a9b434dac572f mbs1/x86_64/python-libxslt-1.1.26-6.20120127.3.mbs1.x86_64.rpm ad0ebe3fd3ebaec58ae909909b18439e mbs1/x86_64/xsltproc-1.1.26-6.20120127.3.mbs1.x86_64.rpm 6c7d4bef7fe3da682edb2395b8e15850 mbs1/SRPMS/libxslt-1.1.26-6.20120127.3.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZoTcmqjQ0CJFipgRAna6AJ0duYRfLJlKLntf+EN5LH+g6Q/vpACg67Ug UmOVUE3tw1c1xx9x/0kvEJ4= =DL/v -END PGP SIGNATURE-
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
MacOSX 10.8.3 ftpd Remote Resource Exhaustion Maksymilian Arciemowicz http://cxsecurity.com/ http://cvemap.org/ Public Date: 01.02.2013 http://cxsecurity.com/cveshow/CVE-2010-2632 http://cxsecurity.com/cveshow/CVE-2011-0418 --- 1. Description --- Old vulnerability in libc allow to denial of service ftpd in MacOSX 10.8.3. Officially Apple has resolved this issue in Jun 2011. Apple use tnftpd as a main ftp server. tnftpd has migrated some functions from libc to own code (including glob(3)). Missing patch for resource exhaustion was added in version 20130322. To this time, we can use CVE-2010-2632 to denial of service the ftp server. The funniest is report http://support.apple.com/kb/ht4723 where CVE-2010-2632 was patched. That true 'libc is patched', but nobody from Apple has verified ftp. I really don't believe in penetrating testing form Apple side. Situation don't seems good. I has asked for open source donations, unfortunately Apple do not financial help vendors, what use their software in own products. Proof of Concept is available since 2010 http://cxsecurity.com/issue/WLB-2011030145 Video demonstrated how to kill Mac Mini in basic version i5 with 10GB RAM in 30 min is available on http://cxsec.org/video/macosx_ftpd_poc/ --- 2. References --- Multiple Vendors libc/glob(3) remote ftpd resource exhaustion http://cxsecurity.com/issue/WLB-2010100135 http://cxsecurity.com/cveshow/CVE-2010-2632 Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion http://cxsecurity.com/issue/WLB-2011050004 http://cxsecurity.com/cveshow/CVE-2011-0418 More CWE-399 resource exhaustion examples: http://cxsecurity.com/cwe/CWE-399 Last related to http://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc --- 3. Contact --- Maksymilian Arciemowicz Best regards, CXSEC TEAM http://cxsecurity.com/