Vendor Response
<object classid="clsid:DD01C8CA-5DA0-4B01-9603-B7194E561D32"
id="obj">
</object>
</html></body>
Vendor Response:
No response received.
Remediation Steps:
No patch currently exists for this issue. To limit exposure,
network access to these devices should be limited to authorized
java -jar start.jar etc/jetty.xml etc/jetty-logging.xml
- Process log files with cat -v if you wish to display them on a
console without using an editor.
VI. VENDOR RESPONSE
Vendor will not release a new version to address these issues but is
working on them in the SNAPSHOT versions.
http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
V. WORKAROUND
Update the Zabbix server from svn (svn://svn.zabbix.com) or download
version 1.6.3 when available.
VI. VENDOR RESPONSE
Vendor will fix all the exposed vulnerabilities in Zabbix 1.6.3.
VII. CVE INFORMATION
> V. WORKAROUND
>
> Update zabbix from svn the server (svn://svn.zabbix.com) or download
> version 1.6.3 when available.
>
> VI. VENDOR RESPONSE
>
> Vendor will fix all the exposed vulnerabilities in Zabbix 1.6.3.
>
> VII. CVE INFORMATION
>
}
CSCO_WebVPN['process'] = a;
csco_wrap_js('');
</script></html>
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
Updated Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
V. WORKAROUND
Upgrade to latest version 5.1.0.
VI. VENDOR RESPONSE
"Our team reviewed the issues reported against current development build
(version 5.1.0) and seem to have
addressed many of them already. In this version we have made several
improvements to performance and
Resolution
----------
Update to version 6.5.8 or 7.0.
Vendor Response
---------------
Sophos have patched this issue in version 7.01.
CVE Details
Technologies Affected
---------------------
Citrix Client 10 for Windows, Mac, Linux, Solaris and Windows Mobile
Vendor Response
---------------
Citrix advise users to upgrade to the latest version of the Citrix client. See the following Citrix support article for more details:
http://support.citrix.com/article/CTX125975
5. Workaround
Disable or uninstall the affected module.
6. Vendor Response
Patches have been made available to eliminate this vulnerability:
http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
Other versions may be vulnerable too.
This vulnerability has been confirmed on AhnLab V3 Internet Security
2008 Platinum.
Vendor Response:
2007.11.10 Vendor notified via asec@ahnlab.com
2007.11.13 Vendor replied: "Before we received your e-mail, we fixed
the vulnerability on the 9th of November"
2007.11.16 Release this advisory
0x180, 0x181, 0x182, 0x183, 0x184, 0x185, 0x186, 0x187, 0x188, 0x189,
0x18A, 0x18B, and 0x18C. Attackers can leverage these methods to
manipulate both the file system and registry which can result in a
complete system compromise.
-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability.
More details can be found at:
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
due to an unbounded string copy utilizing a string controlled by the
user as the source into a fixed length buffer located on the stack.
Successful exploitation can lead to code execution under the context of
the service.
-- Vendor Response:
Computer Associates has issued an update to correct this vulnerability. More
details can be found at:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
followed by the specific opcode's data, typically in length/value pairs.
These length values are not checked against the destination buffer's size,
allowing for stack-based overflows to occur. This can lead to arbitrary
code execution in the context of the SYSTEM user.
-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7005572&sliceId=1&docTypeID=DT_TID_1_1&dialogID=138523325&stateId=0%200%20138517923
default on TCP port 402. A lack of proper sanitization while parsing
requests allows for a remote attacker to inject arbitrary SQL statements
into the database. Exploitation of this vulnerability can result in
arbitrary code execution under the context of the SYSTEM user.
-- Vendor Response:
Symantec has issued an update to correct this vulnerability. More
details can be found at:
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
While parsing POST variables, the vulnerable process copies the contents
of the Template parameter into a fixed length stack buffer using a
vsprintf() call. By supplying a large enough value this buffer can be
overflowed, leading to arbitrary code execution.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
When specifying a malicious sample rate for a Windows Media Voice frame,
memory corruption can occur. Successful exploitation of this
vulnerability can lead to remote compromise of the affected system under
the credentials of the currently logged in user.
-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
Links:
http://www.secniche.org/orabs.html
http://evilfingers.com/advisory/index.php
Vendor Response:
Oracle acknowledges this vulnerability, and a fix has been released in
the critical advisory update of 13 January 2009.
Oracle Critical Patch Update:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
When parsing specially formulated xml, the application will corrupt an
internal data structure. Whilst deallocating this data structure, the
application can be tricked into freeing a single allocated chunk
multiple times, which can potentially lead to code execution.
-- Vendor Response:
Trillian has issued an update to correct this vulnerability. More
details can be found at:
http://blog.ceruleanstudios.com/?p=404
What is more, the EMC Dantz Retrospect 7 backup server's authentication
module uses a weak password hash algorithm. By brute-forcing it, an
attacker can gain full control of the client's machine.
-- Vendor Response:
EMC has issued an update to correct this vulnerability:
http://www.emcinsignia.com/updates
-- Disclosure Timeline:
NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to
improper handling of parameters to the function, pool corruption can
occur in kernel space. A local attacker can leverage this to execute
arbitrary code in ring 0.
-- Vendor Response:
Sophos has issued an update to correct this vulnerability. More
details can be found at:
http://www.sophos.com/support/knowledgebase/article/111126.html
The specific flaw exists within the quicktime.qts library responsible
for parsing Kodak encoded images. A lack of proper error checking can
result in a heap based buffer overflow leading to arbitrary code
execution under the context of the currently logged in user.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT1241
The third vulnerability allows JNLP files to bypass socket restrictions
by loading a secondary JNLP with an href attribute containing a
wildcard. When this object is instantiated, all hosts are eligible for
socket connect and accept.
-- Vendor Response:
Sun Microsystems has issued an update to correct this vulnerability. More
details can be found at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
_______
Timeline |
=======
Bug Found: 16/09/2008
Vendor Contact: 20/09/2008
Vendor Response: 23/09/2008
Public Disclosure: 13/10/2008
ChX Security
http://chxsecurity.org/
Versions Affected: 4.5.3
Vendor URL: http://www.pluck-cms.org/
Bug: Local File Include
Exploits: YES
Reported: 25.08.2008
Vendor Response: 30.08.2008
Solution: YES
Date of Public Advisory: 18.11.2008
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
(msragent.exe) which listens by default on TCP port 10444. While
processing SST_CTGTRANS requests the process copies packet data into a
fixed length stack buffer. Exploitation allows for arbitrary code
execution under the context of the SYSTEM user.
-- Vendor Response:
EMC states:
For ControlCenter 5.2 SP5 Software navigate in Powerlink to the following
location:
Support > Software Downloads and Licensing > Downloads C > ControlCenter
v 5.x > 5.2 SP5 Patch 4433
>
> > Timeline:
> > ---------
> > Vendor Status: MSRC tracking case closed
> > Vendor Notified: March 31st 2008
> > Vendor Response: May 6th 2008
> > Advisory Release: October 15th 2008
> > Patch available: - (vulnerability not high priority)
>
>
Vendor Response: A product SIM has been created and is available on the GE Fanuc Support Web Site. For more information please consult KB article 12458 at the GE Fanuc Support Web Site.
http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
CGImageReadGetBytesAtOffset can utilize miscalculated values during a
memmove operation that will result in an exploitable heap corruption
allowing attackers to execute arbitrary code under the context of the
current user.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4077
Please note: the IMG tag isn't the only one affected; it's just an example.
The attacker then will save his job and can share this document with someone else or send the document link to the victim to obtain his cookie.
IV. Vendor Response:
Google has been informed and has deployed a fix for these vulnerabilities.
V. Disclosure timeline:
23/08/08 - Vulnerabilities discovered
25/08/08 - Google informed
The specific flaw exists in the libnldap library. When a large LDAP
delRequest message is sent, a stack overflow occurs overwriting a
function pointer. This results in a situation allowing the execution of
arbitrary code.
-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382120&sliceId=SAL_Public&dialogID=59352034&stateId=0%200%2059350122