md5sums
has assigned the name CVE-2007-5497 to this issue.
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html
ESX Server 2.5.5 Upgrade Patch 5
~ pegasus-2.5-release-606113.i386.rpm
4. Solution:
Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.
~ ESX 3.5 patch ESX350-200803214-UG
~ http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
~ md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060
~ http://kb.vmware.com/kb/1003721
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Fusion 2.0.6 (for Intel-based Macs): Download including
VMware Fusion and a 12 month complimentary subscription to McAfee
VirusScan Plus 2009
deployment history.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
VirtualCenter
-------------
VMware VirtualCenter 2.5 Update 4
http://www.vmware.com/download/download.do?downloadGroup=VC250U4
vulnerability described in CVE-2008-2233.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESXi
----
ESXi 3.5 patch ESXe350-200808501-O-SG
ESX 2.5.4 ESX affected, patch pending
4. Solution:
Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.
ESX 3.5 (Samba)
http://download3.vmware.com/software/esx/ESX350-200806218-UG
md5sum: dfad21860ba24a6322b36041c0bc2a07
http://kb.vmware.com/kb/1005931
~ has assigned the name CVE-2007-6284 to this issue.
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
ESX 2.5.5 Upgrade Patch 6
http://download3.vmware.com/software/esx/esx-2.5.5-78667-upgrade.tar.gz
md5sum: b4d5e98cc175a507e8f89d9c7b993e2c
http://vmware.com/support/esx25/doc/esx-255-200803-patch.html
Patches can be downloaded here:
1.8 series
Please upgrade to 1.8.5-p115 or 1.8.6-p114.
<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz> (md5sum: 20ca6cc87eb077296806412feaac0356)
<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz> (md5sum: 500a9f11613d6c8ab6dcf12bec1b3ed3)
1.9 series
Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.
<URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff> (md5sum: b7b58aed40fa1609a67f53cfd3a13257)
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
http://bit.ly/aqTCqn
md5sum: ace37cd8d7c6388edcea2798ba8be939
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX
---
ESX 3.5.0 ESX350-200906407-SG
http://download3.vmware.com/software/vi/ESX350-200906407-SG.zip
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 3.5
-------
http://download3.vmware.com/software/vi/ESX350-201006401-SG.zip
md5sum: b89fb8a51c4a896bc0bf297b57645d1d
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 3.5
-------
ESX350-201002401-SG
http://download3.vmware.com/software/vi/ESX350-201002401-SG.zip
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
ESX400-200912403-SG
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 2.5.5 Upgrade Patch 12 Build 142709
www.vmware.com/support/esx25/doc/esx-255-142709-patch.html
http://download3.vmware.com/software/esx/esx-2.5.5-142709-upgrade.tar.gz
md5sum: 2a0bd5cc3591b1f6b04616fa2c97f78c
-------------
SEED1=`/sysroot/sbin/ifconfig eth0|grep HWaddr|sed -e 's/.*HWaddr //' -e 's/ //g'`
SEED2=`cut -f2 -d= /sysroot/etc/raidiator_version |cut -f1 -d,`
[*EDIT*: removed SEED3 as friendly requested by vendor]
echo "root:`echo \"$SEED1 $SEED2 $SEED3\" | md5sum | cut -f1 -d' '`" | chpasswd
# TAKE ME OUT!!
[ -s /sysroot/.os_passwd ] && echo "root:`/sysroot/usr/bin/head -1 /sysroot/.os_passwd`" | chpasswd
###############
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-195-20100324-069
>
I can't confirm this on xtCommerce 3.0.4. The keywords parameter is
handled frequently, but never printed (and escaped when integrated in
database queries). In which line did you find the vulnerability?
md5sum of my copy (Windows line ending):
89f73d92a197965f6ac2e7cacb091c44 shop/advanced_search_result.php
> (..)
The problem is:
md5sums and sizes on http://www.libpng.org/pub/png/libpng.html
do not match sourceforge mirrors and ftp.simplesystems.org etc.
libpng.org: 641193 bytes for libpng-1.2.27.tar.bz2
ftp.simplesystems.org and sourceforge: 804821 bytes
VMware Studio 2.0 VMware not affected
4. Solution
Please review the patch/release notes for your product and version
and verify the sha1sum and/or the md5sum of your downloaded file.
VMware Studio 2.0 build 1017-185256
-----------------------------------
http://www.vmware.com/support/developer/studio/
Release notes:
<URI:http://www.trustix.org/errata/trustix-3.0.5/>
or directly at
<URI:http://www.trustix.org/errata/2007/0024/>
MD5sums of the packages:
--------------------------------------------------------------------------
9a8b959ee11fbe4a45453ce290e0f578 3.0.5/rpms/file-4.17-4tr.i586.rpm
29456be2e892e944f1f7f8aa49bddca1 3.0.5/rpms/file-devel-4.17-4tr.i586.rpm
119de7f9245acc903cbb8d8851581b0a 3.0.5/rpms/gd-2.0.33-10tr.i586.rpm
d6c8e70d67abd60e2424f7c374957497 3.0.5/rpms/gd-devel-2.0.33-10tr.i586.rpm
FILE *f;
int i, j;
char output[33];
md5_context ctx;
unsigned char buf[1000];
unsigned char md5sum[16];
unsigned char salt[20];
printf( "****************************\n");
printf( "Alice BackDoor hash creator \n");
printf( "by saxdax and drPepperOne \n");
<URI:http://www.trustix.org/errata/trustix-3.0.5/>
or directly at
<URI:http://www.trustix.org/errata/2007/0026/>
MD5sums of the packages:
--------------------------------------------------------------------------
925097a0e9cc738b08396adf5feb00d0 3.0.5/rpms/apache-2.0.59-3tr.i586.rpm
22443efd217adaaba09a447090ce963d 3.0.5/rpms/apache-dbm-2.0.59-3tr.i586.rpm
f10a5f5d01f07218e9650271c527c2e0 3.0.5/rpms/apache-devel-2.0.59-3tr.i586.rpm
64d451329de36bf8cd6d2c4454f2a8d1 3.0.5/rpms/apache-html-2.0.59-3tr.i586.rpm
Description
CERT-FI published an advisory with a large number of samples of crafted
archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named
b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.
If you're running clamav on a mailserver, an attacker can DoS your Server
remotely by sending some mails with the archive attached.
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
ESX400-200906001
http://tinyurl.com/ncfu5s
Until a patch or upgrade is released for HP-UX B.11.31, HP has made binary files available to resolve the vulnerability. Please use the following process to download and install the binary file.
1. Download the appropriate named file from this ftp site into a secure directory:
ftp://ss071449:ss071449@hprc.external.hp.com/
2. Unpack using gunzip and verify the cksum or md5sum:
1406468692 4225172 named_9.3.2_11.31IA
400611368 2269184 named_9.3.2_11.31PA
MD5 (named_9.3.2_11.31IA) = 9bd93b513fde895ebc32602824db3341
The updates are available for download from:
ftp://srt80063:srt80063@hprc.external.hp.com
HP-UX Release Apache Depot name MD5 Sum
==========================================================================
B.11.11 (IPv4 and IPv6) HPUXWSA-B219-02-1111ipv6.depot bb0ed9ad6780a4be0880c793a3451d82
B.11.23 PA-32 HPUXWSA-B219-02-1123-32.depot 6deb7bb01a580427523c9f80cec36774
B.11.23 IA-64 HPUXWSA-B219-02-1123-64.depot 38419a29e5076b62084cd3f1a135a9ce
B.11.31 PA-32 HPUXWSA-B219-02-1131-32.depot d84daf07600e98353ca54b723ccbf8f6
Prior to revision 1.24, the readRoleCookie above did not validate the user, role, or password against the database. In order to bypass authentication the BASERole cookie needs to be added to set the user role. The cookie is in the format of role|user|md5hash. The md5 hash required to pass authentication is taken from the concatenation of the role (10000), the username (arbitrary), and the string "BASEUserRole".
Since the name is not validated against the database we can use any name. If we select an arbitrary username of nidem we can get the hash value by running the following command from the command line:
echo -n 10000nidemBASEUserRole | md5sum
This command returns a string of 794b69ad33015df95578d5f4a19d390e. This results in a cookie value of:
10000|nidem|794b69ad33015df95578d5f4a19d390e
<URI:http://www.trustix.org/errata/trustix-3.0.5/>
or directly at
<URI:http://www.trustix.org/errata/2007/0028/>
MD5sums of the packages:
--------------------------------------------------------------------------
95b2ba1599a97537ba2f83931e87bdf6 3.0.5/rpms/fetchmail-6.3.8-2tr.i586.rpm
09a74f684fe7defa895b1f74d4a7143b 3.0.5/rpms/quagga-0.99.9-1tr.i586.rpm
fb58f6d4fa0ca59d2f090890ff72062b 3.0.5/rpms/quagga-contrib-0.99.9-1tr.i586.rpm
37f166765e8f856293c5c158dd7f6b31 3.0.5/rpms/quagga-devel-0.99.9-1tr.i586.rpm
3. Unpack the gz files using gunzip.
4. Verify the cksum or md5sum:
765964855 13967360 XPL_COMPONENT_3.10.040_HPUX.tar
964115406 22978560 XPL_COMPONENT_3.10.040_IPF.tar
1071892883 2324480 XPL_COMPONENT_3.10.040_Linux.tar
2657852015 11857920 XPL_COMPONENT_3.10.040_SOL.tar
1507786934 1510091 XPL_COMPONENT_3.10.040_Win.zip