systems
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(1)
Administrators of systems running Cisco Unified Communications
Manager version 4.x can determine the software version by navigating
to Help > About Cisco Unified CallManager and selecting the Details
button via the Cisco Unified Communications Manager Administration
interface.
Overview:
/////////
Software called "HP Info Center" has shipped with almost every HP laptop model for a few years.
It is designed to give the user quick system information and hardware configuration
at the touch of a single button.
One of its ActiveX controls, deployed by default by the vendor, has three insecure methods
that allow a malicious person to target HP notebook machines for remote code execution
and remote registry manipulation attacks.
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash or
possibly gain root privileges. (CVE-2010-2954)
Cisco Security Advisory: Cisco Content Delivery System Internet
Streamer: Web Server Vulnerability
Advisory ID: cisco-sa-20110525-spcdn
Revision 1.0
affected.
* Cisco TelePresence Video Communication Server (Cisco TelePresence
VCS)
* Cisco Video Surveillance Manager (VSM)
* Cisco Video Surveillance Operations Manager (VSOM)
* Cisco Wireless Control System (WCS)
Products Confirmed Not Vulnerable
+--------------------------------
All UDP protocols that are being inspected by the Cisco ASA UDP
inspection engine may be vulnerable. The following protocols are known
to use the Cisco ASA UDP inspection engine:
* Domain Name System (DNS)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP)
* GPRS Tunneling Protocol (GTP)
* H.323, H.225 RAS
* Media Gateway Control Protocol (MGCP)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02171256
Version: 1
HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-17
Last Updated: 2010-05-17
Cisco Security Advisory: Default Passwords in the Application Velocity
System
Advisory ID: cisco-sa-20080123-avs
http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml
Cisco Security Advisory: Cisco Security Agent for Windows System Driver
Remote Buffer Overflow Vulnerability
Advisory ID: cisco-sa-20071205-csa
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01183597
Version: 1
HPSBMA02275 SSRT071445 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-03
Last Updated: 2007-10-03
Note: The patches are not available from the HP IT Resource Center (ITRC).
OV NNM v7.53
Operating System - HP-UX (IA)
Resolved in Patch - PHSS_38783 or subsequent
Operating System - HP-UX (PA)
Resolved in Patch - PHSS_38782 or subsequent
Note: The patches are not available from the HP IT Resource Center (ITRC).
OV NNM v7.53
===========
Operating System - HP-UX (IA)
Resolved in Patch - PHSS_38148 or subsequent
Operating System - HP-UX (PA)
Resolved in Patch - PHSS_38147 or subsequent
IMPACT
------
By exploiting either of the VMware flaws described in this document,
user-mode code executing in a virtual machine may gain kernel
privileges within the virtual machine, dependent upon the guest
operating system. The flaws have been proven exploitable on x64
versions of Windows, and they have produced potentially exploitable
crashes on x64 versions of *BSD. The Linux kernel does not allow
exploitation of these flaws on x64 versions of Linux.
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The mount(2) and nmount(2) system calls are used by various utilities
in the base system to graft a file system object on to the file system
tree to a given mount point. It is possible to allow unprivileged
users to utilize these system calls by setting the vfs.usermount
sysctl(8) variable.
<snip>
>> You stated in your original message that this is a high-end frame, of
>> the kind generally used by financial institutions etc. I would
>> imagine any system which warrants this kind of hardware would have
>> some level of redundancy or DR.
>
> Oh great! Sun is off the hook for selling something which doesn't
> work, and their customers must mitigate against it themselves.
> Utterly ridiculous.
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com.
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
5) Path Traversal - CVE-2010-4281 - CVE-2010-4282 - CVE-2010-4283
[+] Introduction
Pandora FMS (for Pandora Flexible Monitoring System) is a software
solution for monitoring computer networks. It allows monitoring in a
visual way the status and performance of several parameters from
different operating systems, servers, applications and hardware systems
such as firewalls, proxies, databases, web servers or routers.
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2963
Kees Cook discovered an issue in the v4l 32-bit compatibility layer for
64-bit systems that allows local users with /dev/video write permission to
overwrite arbitrary kernel memory, potentially leading to a privilege
escalation. On Debian systems, access to /dev/video devices is restricted to
members of the 'video' group by default.
CVE-2010-3067
* Transparent Firewall Packet Buffer Exhaustion Vulnerability
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* Routing Information Protocol (RIP) Denial of Service
Vulnerability
* Unauthorized File System Access Vulnerability
These vulnerabilities are independent; a release that is affected by
one vulnerability is not necessarily affected by the others.
Cisco has released free software updates that address these
BV919A HP P2000 G3 iSCSI MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB Bundle
BV920A HP P2000 G3 iSCSI MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV910A HP P2000 G3 iSCSI MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV911A HP P2000 G3 iSCSI MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV912A HP P2000 G3 iSCSI MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
AW596A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller LFF Array System
AW597A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller SFF Array System
AP847A HP StorageWorks P2000 G3 FC MSA Dual Controller Small Business SAN Starter Kit
AP848A HP StorageWorks P2000 G3 FC MSA Dual Controller Virtualization SAN Starter Kit
BK816A HP StorageWorks P2000 G3 FC/iSCSI w/24 300GB 6G SAS 10K SFF DP 7.2K 7.2TB Bundle
BK746SB HP StorageWorks P2000 G3 MSA FC Dual Controller LFF Array Starter Kit/S-Buy
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
OPIE is a one-time password system designed to help to secure a system
against replay attacks. It does so using a secure hash function and a
challenge/response system.
OPIE is enabled by default on FreeBSD.
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-22-386 2.6.32-22.36
linux-image-2.6.32-22-generic 2.6.32-22.36
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02027185
Version: 1
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-27
Last Updated: 2010-04-27
Advisory ID: CORE-2009-0114
Advisory URL:
http://www.coresecurity.com/content/sun-delegated-administrator
Date published: 2009-04-21
Date of last update: 2009-04-21
Vendors contacted: Sun Microsystems
Release mode: Coordinated release
2. *Vulnerability Information*
Cisco Unified Communications Manager, formerly CallManager, contains
a privilege escalation vulnerability in the IP Phone Personal Address
Book (PAB) Synchronizer feature that may allow an attacker to gain
complete administrative access to a vulnerable Cisco Unified
Communications Manager system. If Cisco Unified Communications
Manager is integrated with an external directory service, it may be
possible for an attacker to leverage the privilege escalation
vulnerability to gain access to additional systems configured to use
the directory service for authentication.
IMPACT
------
By exploiting the VMware flaw described in this document, user-mode
code executing in a virtual machine may gain kernel privileges within
the virtual machine, dependent upon the guest operating system. The
flaw has been proven exploitable on x64 versions of Windows, and it
has produced potentially exploitable crashes on x64 versions of *BSD.
The Linux kernel does not allow exploitation of the flaws on x64
versions of Linux.