Bytes 51 and onwards contain user-controllable values for EAX
and EDX. A weaponized exploit has been developed but will not
be released to the public. See memory location 00401C72.
Timeline:
Jul 20th Contacted CERT-FI vulncoord
Jul 22nd CERT-FI vulncoord responds, coordination started
Aug 9th Status update request sent to CERT-FI
Aug 20th CERT-FI informs that the vendor had suggested
posting the issue to their public support
forum. Coordination continued.
Attack type: Denial of Service
Risk: Low
Vendor Status: Patch available for WC7232/7242
References: http://www.louhinetworks.fi/advisory/xerox_0908.txt
http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-081.html
http://www.support.xerox.com/go/results.asp?Xtype=download&prodID=WC7232_WC7242&Xlang=en_US&Xcntry=USA
Overview
Everyone,
Below is our announcement for the security issue reported to us from
Codenomicon, via CERT-FI. All previous versions of Apache Traffic Server are
vulnerable, and we urge users to upgrade to either v3.0.4 or v3.1.3
immediately. Both releases are available from our download site at
http://trafficserver.apache.org/downloads
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Description
CERT-FI published an advisory with a large number of samples of crafted
archives.
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.
CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.
Jim
1 app-arch/libarchive < 2.2.4 >= 2.2.4
Description
===========
CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer
overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL
pointer dereference (CVE-2007-3645) within the processing of archives
having corrupted PaX extension headers.
Impact
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
One of the TLS DoS vulnerabilities was reported to Cisco by CERT-FI.
All the other vulnerabilities described in this advisory were found
during internal testing.
Status of this Notice: FINAL
============================
"June 15 2009
In the issue #66 of the Phrack magazine there was an article on exploiting TCP Persist Timer weaknesses (http://www.phrack.com/issues.html?issue=66&id=9#article)
to cause Denial of Service conditions.
The article discusses issues similar but not the same as the issues reported by Outpost24.
The publication of the Phrack-magazine article will not affect the coordination and schedule related to the issues reported by Outpost24.
CERT-FI emphasizes that the eventual release of the issues reported by Outpost24 will be done in a coordinated fashion."
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
Juha-Matti
tasks
* Only grant access to web administration to trusted users
Disclosure Timeline (highlights from the eight month effort):
9. September 2008 - Contacted CERT-FI by email
22. October 2008 - Provided IBM with a clarification
why SSL usage does not fix CSRF
vulnerability