The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0923 to this issue.
Hosted products
---------------
VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
VMware ESX 3.0.0 without patches ESX-4809553 ESX-1001204 ESX-1001206
ESX-1001212 ESX-1001205 ESX-1001207
ESX-1001208 ESX-1001209 ESX-1001210
ESX-1001211
VMware ESX 2.5.4 prior to upgrade patch 10 (Build# 53326)
VMware ESX 2.5.3 prior to upgrade patch 13 (Build# 52488)
VMware ESX 2.1.3 prior to upgrade patch 8 (Build# 53228)
VMware ESX 2.0.2 prior to upgrade patch 8 (Build# 52650)
3. Problem description:
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    7.x       any      not affected
Workstation    6.5.x     any      6.5.4 build 246459 or later
Player         3.x       any      not affected
Player         2.5.x     any      2.5.4 build 246459 or later
ACE            2.6.x     Windows  not affected
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.1 build 126130 or later
Workstation    6.0.x     any      upgrade to at least 6.5.1
Workstation    5.5.x     any      5.5.9 build 126128 or later
Player         2.5.x     any      2.5.1 build 126130 or later
Player         2.0.x     any      upgrade to at least 2.5.1
VMware        Product   Running  Replace with/
Product       Version   on       Apply Patch
============  ========  =======  =================
Workstation   6.x       Windows  not affected
Workstation   6.x       Linux    not affected
Workstation   5.x       Windows  5.5.6 build 80404 or later
Workstation   5.x       Linux    5.5.6 build 80404 or later
Player        2.x       Windows  not affected
Player        2.x       Linux    not affected
Player        1.x       Windows  1.0.6 build 80404 or later
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    7.x       Linux    7.1.2 Build 301548 or later
Workstation    7.x       Windows  not affected
Workstation    6.5.x     any      not affected
Player         3.1.x     Linux    3.1.2 Build 301548 or later
Player         3.1.x     Windows  not affected
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.x       Windows  6.0.5 build 109488 or later
Workstation    6.x       Linux    not affected
Workstation    5.x       Windows  5.5.8 build 108000 or later
Workstation    5.x       Linux    not affected
Player         2.x       Windows  2.0.5 build 109488 or later
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2
Apply the build below that is listed for your platform (note that
URLs may wrap):
AIX
ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar
Release mode: Coordinated but limited disclosure.
Ref : [TZO-20-2009] - AVG generic ZIP bypass / evasion
WWW : http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html
Vendor : http://www.AVG.com
Status : Patched (with engine build 8.5 323)
CVE : none provided
Credit : t.b.a
OSVDB vendor entry: none [1]
Security notification reaction rating : good
Notification to patch window : +-28 days
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2009-0714
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 47065
HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 46537
running on all supported versions of Microsoft Windows, Linux, and Novell NetWare.
Note: The supported versions of Microsoft Windows, Linux, and Novell NetWare are listed below.
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2010-3007, ZDI-CAN 581
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 56936
HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 56906
running on all supported versions of Microsoft Windows, Linux, and Novell NetWare.
Note: The supported versions of Microsoft Windows, Linux, and Novell NetWare are listed below.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.3 build 185404 or later
Player         2.5.x     any      2.5.3 build 185404 or later
ACE            2.5.x     any      2.5.3 build 185404 or later
addresses potential information disclosure and updates Java JRE
packages.
2. Relevant releases
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
has assigned the name CVE-2008-2098 to this issue.
VMware        Product   Running  Replace with/
Product       Version   on       Apply Patch
============  ========  =======  =================
Workstation   6.x       Windows  6.0.4 build 93057
Workstation   6.x       Linux    6.0.4 build 93057
Workstation   5.x       Windows  not affected
Workstation   5.x       Linux    not affected
Player        2.x       Windows  2.0.4 build 93057
/msgctr/message_display?id=yyy&trash=trash&source_uri=%2Fapp%2Fmsgctr%2Ftrash%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Affected Versions
Security Console build 6_24 (January 2010).
Message Center Classic build 6_24 (January 2010).
Message Center II build 6_24 (January 2010), build 6_25 (February 2010), build 6_26 (March 2010) and build 6_27 (April 2010).
Mitigation
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      not affected
Workstation    6.0.x     any      6.5.0 build 118166 or later
Workstation    5.x       any      5.5.9 build 126128 or later
Player         2.5.x     any      not affected
Player         2.0.x     any      2.5.0 build 118166 or later
Player         1.x       any      1.0.9 build 126128 or later
exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2010-3008, ZDI-CAN 582
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 56936
HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 56906
running on all supported versions of Microsoft Windows.
Note: The supported versions of Microsoft Windows are listed below.
Problem Description:
A vulnerability has been found and corrected in ISC DHCP:
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before
3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build
56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455
and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and
ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528;
allows remote attackers to cause a denial of service (daemon crash)
or execute arbitrary code via a malformed DHCP packet with a large
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.2 build 156735 or later
Workstation    6.0.x     any      upgrade to at least 6.5.2
Player         2.5.x     any      2.5.2 build 156735 or later
Player         2.0.x     any      upgrade to at least 2.5.2
The vulnerabilities disclosed in this advisory affect the Cisco
WRF players. The Microsoft Windows, Apple Mac OS X, and Linux
versions of the players are all affected. Review the following
table for the list of releases that contain the nonvulnerable
code. Affected versions of the players are those prior to client
build T26 SP49 EP40 and T27 SP28. These build numbers are
available only to WebEx site administrators. End users will see a
version such as "Client build: 27.25.4.11889." This indicates the
server is running software version T27 SP25 EP4.
To determine whether a Cisco WebEx meeting site is running an
version of client software that is provided by a WebEx server. The
procedure varies slightly depending on the version of the WebEx
server software. The URL in all the following examples is provided to
meeting participants as part of the WebEx meeting invite.
Client build numbers adhere to the format of XX.YY.ZZ.WWWW. The first
number indicates the major version number of the software build. For
example, a client build number of 26.49.9.2838 indicates a WBS
26-based software version.
For the WBS 26 version:
TSL ID: FSC20100108-01
1. Affected Software
ACD Systems ACDSee Photo Editor 2008 build 286 and prior
ACD Systems ACDSee Photo Manager 8.1 build 99 and prior
ACD Systems ACDSee Photo Manager 9.0 build 108 and prior
2. Vulnerability Summary
III. AFFECTED PRODUCTS
---------------------------
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions 2.x
VMware Movie Decoder versions prior to 6.5.4 Build 246459
Credit: The disclosure of this issue has been credited to National Australia Bank Security
Assurance.
Vulnerable:
Secure Computing Webwasher 6.6.3 build 3102 and older versions running on CGLinux 4/5, RHEL 4, Debian 4, SLES10
Not vulnerable:
Secure Computing Webwasher Builds 3150 and newer (all platforms)
Webwasher (all versions) for Windows
Over the last 4 years, ShmooCon has grown from a little security
conference to a slightly larger security conference. In 2008, ShmooCon
convinced over 1200 people to come to Washington DC in the wintertime
to talk about technology exploitation, inventive software & hardware
hacks, building advanced defenses, as well as open discussion on a
variety of technology & security topics. We hear there's an
inauguration or something going on in January, but things look pretty
quiet in DC after that. So in an effort to help boost DC's post-
inauguration economy, we decided to have ShmooCon 2009. Once again,
ShmooCon will be held at the Wardman Park Marriott, just minutes from