APR
Title: Undocumented Backdoor Access to RuggedCom Devices
Author: jc
Organization: JC CREW
Date: April 23, 2012
CVE: CVE-2012-1803
Background:
RuggedCom is one of a handful of networking vendors who capitalize on
the market for "Industrial Strength" and "Hardened" networking
equipment. You'll find their gear installed in traffic control
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Apache Portable Runtime, APR Utility Library: Execution of
arbitrary code
Date: September 09, 2009
Bugs: #280514
ID: 200909-03
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libapr0 2.0.55-4ubuntu2.7
After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.
Details follow:
Summary:
========
Subversion clients and servers have multiple heap overflow issues in
the parsing of binary deltas. This is related to an allocation
vulnerability in the APR library used by Subversion.
Clients with commit access to a vulnerable server can cause a remote
heap overflow; servers can cause a heap overflow on vulnerable
clients that try to do a checkout or update.
Debian Security Advisory DSA-1854-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
August 08, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : apr, apr-util
Vulnerability : heap buffer overflow
Debian-specific: no
CVE Id(s) : CVE-2009-2412
Matt Lewis discovered that the memory management code in the Apache
Mandriva Linux Security Advisory MDVSA-2009:195-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : August 6, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:314
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : December 4, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-813-1 August 08, 2009
apr vulnerability
CVE-2009-2412
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Debian Security Advisory DSA-2237-2 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
May 21, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : apr
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0419 CVE-2011-1928
Debian bug : 627182
Mandriva Linux Security Advisory MDVSA-2012:019
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : February 14, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-2237-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
May 15, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : apr
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0419
===========================================================
Ubuntu Security Notice USN-813-3 August 08, 2009
apr-util vulnerability
CVE-2009-2412
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Mandriva Linux Security Advisory MDVSA-2009:195
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : August 6, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
we are very lucky. The time of the attack is incremented exponentially
with each extra character.
Vulnerability timeline
======================
Apr 12, 2008 - Vulnerability found.
Apr 13, 2008 - Vendor notified (no response).
Apr 15, 2008 - Public disclosure.
Acknowledgments
of the security vulnerabilities addressed in this and earlier releases
is available:
http://httpd.apache.org/security/vulnerabilities_22.html
This release includes the Apache Portable Runtime (APR) version 1.4.5
and APR Utility Library (APR-util) version 1.4.2, bundled with the tar
and zip distributions. The APR libraries libapr and libaprutil (and
on Win32, libapriconv version 1.2.1) must all be updated to ensure
binary compatibility and address many known security and platform bugs.
APR-util version 1.4 represents a minor version upgrade from earlier
Previous, unsupported versions may be affected
Additionally, these vulnerabilities only occur when all of the following
are true:
a) untrusted web applications are being used
b) the SecurityManager is used to limit the untrusted web applications
c) the HTTP NIO or HTTP APR connector is used
d) sendfile is enabled for the connector (this is the default)
Description:
Tomcat provides support for sendfile with the HTTP NIO and HTTP APR
connectors. sendfile is used automatically for content served via the
Mandriva Linux Security Advisory MDVSA-2011:095
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : May 20, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
>> On ven, 2008-10-17 at 21:07 +0200, Davide Del Vecchio wrote:
>> Hi,
>>
>>> I found and notified this vulnerability to Microsoft in date:
>>>
>>> Tue, 10 Apr 2007 15:40:13 +0200
>>>
>>> You read exactly, April 2007, 1 year and 6 months ago. :(
>>>
>>> The Microsoft Security Response Center opened the case ID MSRC 7368br.
>>>
III. ANALYSIS
Summary:
A) Prelude to the vulnerabilities
B) Cross Site Scripting
C) HTTP Response Header Injection
D) HTTP Response Splitting
A) Prelude to the vulnerabilities
PRE-CERT Security Advisory
==========================
* Advisory: PRE-SA-2011-03
* Released on: 13 Apr 2011
* Last updated on: 13 Apr 2011
* Affected product: Linux Kernel 2.4 and 2.6
* Impact: denial-of-service
* Origin: storage devices
* Credit: Timo Warns (PRESENSE Technologies GmbH)
7. Time-Line
16 Feb 2009: Discovery of the vulnerability
02 Mar 2009: Vulnerability reported to vendor
02 Mar 2009: Answer from vendor
16 Apr 2009: Patch available
16 Apr 2009: Public Disclosure
8. Exploit
POST /admin/statistics/ConfigureStatistics HTTP/1.0
Cookie: JSESSIONID=....
Mandriva Linux Security Advisory MDVSA-2011:095-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr
Date : May 23, 2011
Affected: 2010.0
_______________________________________________________________________
Problem Description:
File Date
CA Software Delivery r11.2 C1, C2, C3    dtscore11.dll    218376    THU APR 09 15:02:25 2009
CA Software Delivery r11.2 SP4    dtscore11.dll    218376    THU APR 09 15:19:47 2009
> On ven, 2008-10-17 at 21:07 +0200, Davide Del Vecchio wrote:
> Hi,
>
>> I found and notified this vulnerability to Microsoft in date:
>>
>> Tue, 10 Apr 2007 15:40:13 +0200
>>
>> You read exactly, April 2007, 1 year and 6 months ago. :(
>>
>> The Microsoft Security Response Center opened the case ID MSRC 7368br.
>>
advisory, the webserver should respond:
/-----
405 TRACE method is not allowed
headers = [('date', 'Thu, 28 Apr 2011 20:39:43 GMT'), ('content-length',
'0'), ('connection', 'close'), ('allow', 'GET, HEAD, POST'),
('x-powered-by', 'Servlet/3.0')]
-----/
Jim
-----Original Message-----
From: Mario Vilas [mailto:mvilas@gmail.com]
Sent: Thursday, April 19, 2012 10:03 AM
To: Richard Barrett
Cc: Gabriel Menezes Nunes; bugtraq
Subject: Re: Squid URL Filtering Bypass
What I understand from the advisory is the Squid proxy is basing its filtering on the Host header when present, even for the CONNECT command which doesn't allow this header at all as it makes no sense. I haven't confirmed the bug but what's being described is definitely a vulnerability.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: APR Utility Library: Multiple vulnerabilities
Date: July 04, 2009
Bugs: #268643, #272260, #274193
ID: 200907-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
see the entire CONNECT request, headers and all - after the request
headers there'll be a pair of newlines, and only *then* the remaining
data is tunneled transparently. So it's the second request's headers
that the proxy won't see.
On Wed, Apr 18, 2012 at 7:46 PM, Richard Barrett
<r.barrett@openinfo.co.uk> wrote:
>
> A forward proxy server when presented with a CONNECT request is solely responsible for attempting to facilitate an end-to-end encrypted path between the requesting client and the far end server. The CONNECT method does no more than create a temporary hole in your firewall.
>
> Only once that is done is a normal HTTP request, including headers such as the Host: header, passed over the encrypted path by the client. Most crucially, the proxy server cannot see the HTTP request or its headers due to the end-to-end encryption. You can use the encrypted path to carry any protocol or data you like and the proxy server is quite oblivious to it as it is opaque to the proxy.