Section: .. / 0809-advisories /
| /// File Name: |
09.09.08-1.txt |
Description:
|
iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user. The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution. iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4248 | | Related CVE(s): | CVE-2007-5348 | | Last Modified: | Sep 10 04:56:28 2008 |
| MD5 Checksum: | 47d3ff7a323e1ca6088891deff626356 |
|
| /// File Name: |
09.09.08-2.txt |
Description:
|
iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary code in the security context of the current user. QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files. This issue results in heap corruption which can lead to arbitrary code execution. Apple Inc.'s QuickTime versions 7.4.5 and 7.4 have been confirmed to be vulnerable to this issue. Older versions are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3568 | | Related CVE(s): | CVE-2008-3614 | | Last Modified: | Sep 10 04:57:38 2008 |
| MD5 Checksum: | 94acb16d922a4c6d1b5f3c2d3557ab98 |
|
| /// File Name: |
airtel-multi.txt |
Description:
|
The Bharti DSL modem provided by Airtel suffers from credential disclosure and various other vulnerabilities that allow for device compromise.
| | Author: | Shishir Birmiwal | | File Size: | 7070 | | Last Modified: | Sep 16 17:46:07 2008 |
| MD5 Checksum: | 135d1b61c5d97529a006c20878c8835c |
|
| /// File Name: |
AKLINK-SA-2008-007.txt |
Description:
|
CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.
| | Author: | Alexander Klink | | Homepage: | https://www.cynops.de/ | | File Size: | 3812 | | Last Modified: | Sep 29 14:41:28 2008 |
| MD5 Checksum: | f4cc58b77fbb5af8495b6a5b91adc1b9 |
|
| /// File Name: |
aruba-cert.txt |
Description:
|
Aruba Mobility Controllers use X.509 certificates to protect access to the web management interface and to provide secure wireless authentication, such as TLS, TTLS, PEAP, and Aruba-specific Captive Portal. By default, the controller uses a built-in certificate that is shared by all deployed units across all customers. This is broken for the obvious reasons.
| | Author: | nnposter | | File Size: | 1171 | | Last Modified: | Sep 23 13:09:32 2008 |
| MD5 Checksum: | f3f4df7460539de59c61e19c82b500b4 |
|
| /// File Name: |
atheros-overflow.txt |
Description:
|
The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor-specific information element included in association requests, allowing for denial of service or possible code execution.
| | Author: | Laurent Butti, Julien Tinnes | | File Size: | 1780 | | Related CVE(s): | CVE-2007-5474 | | Last Modified: | Sep 4 14:10:05 2008 |
| MD5 Checksum: | 7230a63128d6e0c50c7cfdd4a27a0bbb |
|
| /// File Name: |
baidu-dos.txt |
Description:
|
The Baidu Hi IM client software suffers from a denial of service vulnerability.
| | Author: | Gen LI, Ying Zhang | | File Size: | 1403 | | Last Modified: | Sep 15 17:11:28 2008 |
| MD5 Checksum: | bbbf6aeed6465d77771ab86989e89ef0 |
|
| /// File Name: |
caservice-xss.txt |
Description:
|
CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. CA has issued patches to address the vulnerabilities. Versions affected include CA Service Desk r11.2, CA CMDB 11.0, CA CMDB 11.1, and CA CMDB 11.2.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4466 | | Related CVE(s): | CVE-2008-4119 | | Last Modified: | Sep 26 20:10:39 2008 |
| MD5 Checksum: | e205dc6c40a9a031989dc2ac0073d025 |
|
| /// File Name: |
cisco-acs.txt |
Description:
|
Cisco Secure ACS does not correctly parse the length of EAP-Response packets, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP-Response packet to a Cisco Secure ACS server in such a way as to reliably crash the CSRadius service. This bug may be triggered if the length field of an EAP-Response packet holds a certain large value, greater than the real packet length.
| | Author: | Laurent Butti, Gabriel Campana | | File Size: | 2541 | | Related CVE(s): | CVE-2008-2441 | | Last Modified: | Sep 3 17:30:13 2008 |
| MD5 Checksum: | af42d10de51f46d9fd8a6bf7ca0cf4ad |
|
| /// File Name: |
cisco-sa-20080924-cucm.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services. Cisco will release free software updates that address these vulnerabilities and this advisory will be updated as fixed software becomes available. There are no workarounds for these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 17423 | | Related CVE(s): | CVE-2008-3800, CVE-2008-3801 | | Last Modified: | Sep 24 15:21:26 2008 |
| MD5 Checksum: | 6bbf152fdce78edb17a37587a9b04b53 |
|
| /// File Name: |
cisco-sa-20080924-iosfw.txt |
Description:
|
Cisco Security Advisory - Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with an HTTP configured application-specific policy is vulnerable to a Denial of Service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 26177 | | Related CVE(s): | CVE-2008-3812 | | Last Modified: | Sep 24 15:23:29 2008 |
| MD5 Checksum: | 093f817c1bca98ed9e6d091b74f78911 |
|
| /// File Name: |
cisco-sa-20080924-iosips.txt |
Description:
|
Cisco Security Advisory - The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 34234 | | Related CVE(s): | CVE-2008-2739 | | Last Modified: | Sep 24 15:24:39 2008 |
| MD5 Checksum: | 056124c4e1444105829eaf130206a303 |
|
| /// File Name: |
cisco-sa-20080924-ipc.txt |
Description:
|
Cisco Security Advisory - Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 59770 | | Related CVE(s): | CVE-2008-3805 | | Last Modified: | Sep 24 15:31:08 2008 |
| MD5 Checksum: | 2eb9445caa3f771783ba52f3df333950 |
|
| /// File Name: |
cisco-sa-20080924-l2tp.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases. Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable. This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 48049 | | Related CVE(s): | CVE-2008-3813 | | Last Modified: | Sep 24 15:30:05 2008 |
| MD5 Checksum: | 959e6f950f8d45cd162adaa8884c159a |
|
| /// File Name: |
cisco-sa-20080924-mfi.txt |
Description:
|
Cisco Security Advisory - Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. The older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 42539 | | Related CVE(s): | CVE-2008-3804 | | Last Modified: | Sep 24 15:27:10 2008 |
| MD5 Checksum: | 2ca2e9297da59391fb75b633c97427d7 |
|
| /// File Name: |
cisco-sa-20080924-multicast.txt |
Description:
|
Cisco Security Advisory - Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 93395 | | Related CVE(s): | CVE-2008-3808, CVE-2008-3809 | | Last Modified: | Sep 25 17:29:09 2008 |
| MD5 Checksum: | f0068636fe4d323dbfc8ca745b4b7600 |
|
| /// File Name: |
cisco-sa-20080924-sccp.txt |
Description:
|
Cisco Security Advisory - A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 42717 | | Related CVE(s): | CVE-2008-3811, CVE-2008-3810 | | Last Modified: | Sep 24 15:28:14 2008 |
| MD5 Checksum: | c4a5861997362e05262f595b3b991c50 |
|
| /// File Name: |
cisco-sa-20080924-sip.txt |
Description:
|
Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
| | Homepage: | http://www.cisco.com/ | | File Size: | 62763 | | Related CVE(s): | CVE-2008-3799 | | Last Modified: | Sep 25 17:27:40 2008 |
| MD5 Checksum: | 67c93c4e0e782e12e33d9270b6ca8062 |
|
| /// File Name: |
cisco-sa-20080924-ssl.txt |
Description:
|
Cisco Security Advisory - A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange. Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 24152 | | Related CVE(s): | CVE-2008-3798 | | Last Modified: | Sep 24 15:22:20 2008 |
| MD5 Checksum: | 55bfa08260352eb89573da8d0a2d4d94 |
|
| /// File Name: |
cisco-sa-20080924-ubr.txt |
Description:
|
Cisco Security Advisory - Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 47437 | | Last Modified: | Sep 24 15:28:55 2008 |
| MD5 Checksum: | 22aebd8dc8f2252b504fa40fd7005100 |
|
| /// File Name: |
cisco-sa-20080924-vpn.txt |
Description:
|
Cisco Security Advisory - Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs. Workarounds are available to help mitigate this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 58250 | | Related CVE(s): | CVE-2008-3803 | | Last Modified: | Sep 25 17:31:23 2008 |
| MD5 Checksum: | 401ca7b98271212d9a1f14c3981c7251 |
|
| /// File Name: |
cisco-sr-20080903-csacs.txt |
Description:
|
Cisco Security Advisory - A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS. Because this affects CSAuth, all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 8286 | | Related CVE(s): | CVE-2008-2441 | | Last Modified: | Sep 3 17:31:51 2008 |
| MD5 Checksum: | 115410313bc62c93c6e6d1391b58bab4 |
|
| /// File Name: |
clamav-chm.txt |
Description:
|
A fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a CHM file parsing vulnerability which can possibly be exploited.
| | Author: | Hanno Boeck | | Homepage: | http://www.hboeck.de/ | | File Size: | 1361 | | Related CVE(s): | CVE-2008-1389 | | Last Modified: | Sep 4 13:21:20 2008 |
| MD5 Checksum: | c8b9acfe29e5a5daeac2e3016acef2b1 |
|