Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Select Identity Active Directory Bidirectional LDAP Connector running on Windows. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory for Windows Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA Secure Content Manager HTTP Gateway Service
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177784
Solution Document Reference APARs:
Workaround: As a temporary workaround, stop and disable the CA
ARCserve Discovery service. With the service disabled, deploying
agents using Auto-discovery will not work.
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Discovery Service
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=178937
Solution Document Reference APARs:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup caloggerd and xdr functions
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
Solution Document Reference APARs:
BrightStor ARCserve Backup r11.5 Alert.exe 7.1.758.0
BrightStor ARCserve Backup r11.1 Alert.exe 7.1.758.0
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for Alert Notification Server
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Solution Document Reference APARs:
CA Desktop Management Suite 11.2 localized
rxRPC.dll February 18 2008 / 126976
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup for Laptops and Desktops
Server and CA Desktop Management Suite
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105
Microsoft KB article 240797
<http://support.microsoft.com/kb/240797> for information on how to
disable an ActiveX control.
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA products using the DSM gui_cm_ctrls ActiveX
control
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
release (Sophos)
*Vulnerability Information*
Class: Invalid memory reference
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 28741 28742 28743 28744
CVE Name: CVE-2008-1735 CVE-2008-1736 CVE-2008-1737 CVE-2008-1738
{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}. Disabling the control may
prevent the GUI from functioning correctly. Refer to Microsoft KB
article 240797 <http://support.microsoft.com/kb/240797> for
information on how to disable an ActiveX control.
References (URLs may wrap):
CA SupportConnect:
http://support.ca.com/
CA products using the DSM ListCtrl ActiveX Control Security Notice
https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
Solution Document Reference APARs:
* For Protection Suites r2, follow instructions for BrightStor
ARCserve Backup r11.5.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
BrightStor ARCserve Backup Security Notice
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
Solution Document Reference APARs:
issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).
How to determine if you are affected:
Check the %II_SYSTEM%\ingres\version.rel file to identify the
Ingres version. If the installed version of Ingres 2.6 is a
Double-Byte version (should have DBL referenced), please download
the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.
Workaround: None
References (URLs may wrap):
* For Protection Suites r2, follow instructions for BrightStor
ARCserve Backup r11.5.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
BrightStor ARCserve Backup Security Notice
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
Solution Document Reference APARs:
4. Check the version. If the version is less than 8.0.0.93, the
installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for CA Host-Based Intrusion Prevention System
(CA HIPS) Server
http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp
July 03 2007 / 122880 bytes
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA ARCserve Backup for Laptops and Desktops Server Security Notice
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
Solution Document Reference APARs:
the toolbar to view the version. If the version is less than 11.6,
the installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA BrightStor Hierarchical Storage Manager CsAgent Security Notice
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Solution Document Reference APARs:
can be defined in the URL passed to enter_bug.cgi,
overwriting the User-Agent string and may lead to cross-site scripting.
The guided form is not usually used by Bugzilla
installations, as it is shipped only as an example to be modified for
their own use.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=386942
Issue 2
-------
Class: Command Injection
Versions: 2.23.4 and above
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari's Webkit. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within how the application frees references
from a particular element. When freeing these references, the
application will fail to remove the reference from the rendering object.
Later upon trying to free the element again, the application will access
the freed reference which can lead to code execution under the context
of the application.
to inject both headers and content to any browser that
supported "Server Push" (mostly only Gecko-based browsers
like Firefox). This could lead to Cross-Site Scripting
vulnerabilities, and possibly other more dangerous
security issues as well.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://cwe.mitre.org/data/definitions/113.html
CVE Number: CVE-2010-3172
Class: Information Leak
Versions: 2.12 to 3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1
Proof of concept (move mouse pointer over search input box):
https://target-domain.foo:2381/hpdiags/frontend2/help/search.php?query="onmouseover="alert(1);
References: HP Customer Notice: HPSBMA02615 SSRT100228 rev.1 CVE-2010-4111
Fix: HP have issued a fix; download the appropriate update for your
operating system, ensuring the system management agent is at least version
v8.5.1.3712 or above.
Fixed In: 3.4.13, 3.6.7, 4.0.3, 4.2rc1
Description: Tabular and graphical reports, as well as new charts have
a debug mode which displays raw data as plain text. This
text is not correctly escaped and a crafted URL could
use this vulnerability to inject code leading to XSS.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=697699
CVE Number: CVE-2011-3657
Class: Unauthorized Account Creation
Versions: 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2,
4.1.1 to 4.1.3
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101)
CVE-2009-3845 (SSRT090037, ZDI-CAN-453)
CVE-2009-3846 (SSRT090122, ZDI-CAN-526)
An mbuf is a basic unit of memory management in the FreeBSD kernel
inter-process communication and networking subsystem. Network packets
and socket buffers are dependent on mbufs for their storage.
Data can be embedded directly in mbufs, or mbufs can instead reference
external buffers. The sendfile(2) system call uses external mbuf storage
to directly map the contents of a file into a chain of mbufs for
transmission purposes. The mbuf object supports a read-only flag that
must be honored to prevent modification or writes to buffer data in
cases like these.
custom installations may have added scripts or files into
these directories which contain e.g. passwords or some
other sensitive information. We now forbid access to
these directories from a web browser as a preventive
measure.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=314871
https://bugzilla.mozilla.org/show_bug.cgi?id=434801
CVE Number: CVE-2009-3989
Issue 2
-------
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS).
References: SSRT090073, CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP TCP/IP Services for OpenVMS v5.5 and v5.6 on Itanium and Alpha platforms.
BACKGROUND
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101), CVE-2009-3845 (SSRT090037), CVE-2009-3846 (SSRT090122), CVE-2009-3847 (SSRT090128), CVE-2009-3848 (SSRT090129), CVE-2009-3849 (SSRT090130), CVE-2009-4176 (SSRT090131), CVE-2009-4177 (SSRT090132), CVE-2009-4178 (SSRT090133), CVE-2009-4179 (SSRT090134), CVE-2009-4180 (SSRT090135), CVE-2009-4181 (SSRT090164)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers
to cause a denial of service (daemon crash or hang) via a client
disconnection during listing of a large number of print jobs, related
to improperly maintaining a reference count. NOTE: some of these
details are obtained from third party information (CVE-2009-3553).
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue
The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC
Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses, and attacks
that can lead to the compromise of a website, its data, or its users. This document's primary purpose is
to serve as a reference guide for common attacks and weaknesses.
Main goals
- Refine document scope, terminology, and purpose
- Update existing sections when applicable
- Add missing attacks and weaknesses
- Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various
HtmlTextArea
There are other .Net controls that take properties from the view state that may also be vulnerable. Enumerating them is not very helpful because the solution will always be the same: secure the view state.
Regarding the articles you linked to, I am familiar with Scott Mitchell's. It is a great document, but the vulnerabilities he references have to do with custom use of the view state, not specific flaws inherent in the .Net view state. As we mentioned in the advisory, technically this is a known issue in .Net, although a proof of concept attack against the framework has (to our knowledge) not been documented before.
I've also read Michal Zalewski's advisory. It stands out as (I think) the first specific attacks documented against .Net's view state. However, they are of a different nature than the attack documented in our advisory.
Sacha Faust's post on encoding controls is a useful reference, but isn't directly relevant to view state attacks. The list is of properties that will automatically HTML encode when the programmer sets the value. This isn't necessarily the same as when the value is set in the view state.