Next Page >>
system
Additional Information
======================
These vulnerabilities affect the following Cisco UVC Linux operating
system products:
* Cisco Unified Videoconferencing 5110 System
* Cisco Unified Videoconferencing 5115 System
The following Cisco UVC VxWorks operating system products are
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
linux-image-2.6.31-112-imx51 2.6.31-112.30
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.31-608-imx51 2.6.31-608.22
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.35-25-generic 2.6.35-25.44~lucid1
linux-image-2.6.35-25-generic-pae 2.6.35-25.44~lucid1
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-216-dove 2.6.32-216.33
Bugtraq ID: 27944
CVE Name: CVE-2008-0923
*Vulnerability Description*
Software from VMWare Inc. allows users to run an entire computer system
composed of hardware, OS and applications within a virtualized environment
isolated from the real hardware resources and the computer system that
controls them. Virtualization technologies such as VMware's increase
efficiency in the use of hardware and help to reduce operational costs
through consolidation of servers and desktop system running on fewer and
Index
-----
1.Vulnerablity information
2.Vulnerablity description
3.Vulnerable systems
4.Vendor Information, solutions and workarounds
5.Credits
6.Technical description
6.1.NTLMv1 authentication protocol
6.2.The Flaws
Devices running vulnerable versions of Cisco FWSM Software are
affected by this vulnerability if the following conditions are
satisfied:
* The device has interfaces with IPv6 addresses
* System logging is enabled (command logging enable)
* The device is configured in any way to generate system log
message 302015 (refer to the following examples)
System log message 302015 has a default severity level of 6
(informational) so, assuming that the system administrator has not
Summary
=======
The Cisco Internet Streamer application, part of the Cisco Content
Delivery System, contains a directory traversal vulnerability on its web
server component that allows for arbitrary file access. By exploiting
this vulnerability, an attacker may be able to read arbitrary files on
the device, outside of the web server document directory, by using a
specially crafted URL.
=====================================================================================
Hopeless comments regarding the pointless
"HP System Management Homepage (SMH) Unspecified XSS"
August 25, 2008
=====================================================================================
[Overview]
Since HP does not provide technical details in its security bulletins, it is really
Advisory:
/////////
There is another remotely exploitable flaw within software preinstalled in HP notebook machines. This time, the culprit is automatic software update tool provided by the vendor.The Potential exploitation may lead to user files loss or altering vital system files (e.g. kernel), thus leaving PC unbootable.
Overview:
/////////
Multiple vulnerabilities exist in the Cisco Application Networking
Manager (ANM) and Cisco Application Control Engine (ACE) Device
Manager applications. These vulnerabilities are independent of each
other. Successful exploitation of these vulnerabilities may result in
unauthorized system or host operating system access.
This security advisory identifies the following vulnerabilities:
* ACE Device Manager and ANM invalid directory permissions
vulnerability
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02029444
Version: 1
HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-20
Last Updated: 2010-04-20
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.10
v1.0 2007-01-11 Initial release.
v1.1 2007-08-01 Corrected patch for FreeBSD 5.5.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
Unpack the archive and follow the instructions in the README.txt file.
OV NNM v7.53
Operating System - HP-UX (IA)
Required Patch - No patch to base NNM v7.53 is required
Archive File - ovas_7.53_hotfix.tar
Archive File MD5 Sum - f9e3a993b3e274fd98e2cea6e255a051
Operating System - HP-UX (PA)
3. Unpack the archive and follow the instructions in the Readme.txt file.
OV NNM v7.53
Operating System - HP-UX (IA)
Required Patch - No patch to base NNM v7.53 is required
Archive File - SSRT080024_NNM7.53.tar
Archive File MD5 Sum - a3a224d2bd9d5461ea9908c7388ff116
Operating System - HP-UX (PA)
Unpack the archive and follow the instructions in the Readme.txt file.
OV NNM v7.53
Operating System - HP-UX (IA)
Required Patch - No patch to base NNM v7.53 is required
Archive File - SSRT080024-2_NNM7.53.tar
Archive File MD5 Sum - 50ea3050712e789027cebbe0fefd81e7
Operating System - HP-UX (PA)
Overview:
/////////
Software called "HP Info Center" is shipped with almost every HP laptop model for few years.
It is designed to support user with quick system information and hardware configuration
using single button touch.
One of its ActiveX controls deployed by default by the vendor has three insecure methods
that allow a malicious person to target the HP notebook machines for a remote code execution
and remote registry manipulation based attacks.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02000727
Version: 1
HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-02-03
Last Updated: 2010-02-03
All UDP protocols that are being inspected by the Cisco ASA UDP
inspection engine may be vulnerable. The following protocols are known
to use the Cisco ASA UDP inspection engine:
* Domain Name System (DNS)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP)
* GPRS Tunneling Protocol (GTP)
* H.323, H.225 RAS
* Media Gateway Control Protocol (MGCP)
3. *Vulnerability Description*
Windows Virtual PC and Microsoft Virtual PC 2007 are system
virtualization desktop applications from Microsoft used to run one or
many virtual hosts on a single physical system. Windows 7 relies on
Virtual PC technology to implement the backward compatibility XP Mode
for legacy Windows applications. Using XP Mode, Windows 7 users can run
Windows applications on a virtualized Windows XP SP3 operating system
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol
4-Byte Autonomous System Number
Vulnerabilities
Advisory ID: cisco-sa-20090729-bgp
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Affected Products
=================
One or more of these vulnerabilities affect all Cisco TelePresence
endpoint systems that are running a release of Cisco TelePresence
software prior to 1.7.1.
The following table provides information that pertains to affected
software releases:
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash or
possibly gain root privileges. (CVE-2010-2954)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Delivery System Internet
Streamer: Web Server Vulnerability
Advisory ID: cisco-sa-20110525-spcdn
Revision 1.0
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02171256
Version: 1
HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-17
Last Updated: 2010-05-17
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-22-386 2.6.32-22.36
linux-image-2.6.32-22-generic 2.6.32-22.36
Advisory ID: CORE-2009-0114
Advisory URL:
http://www.coresecurity.com/content/sun-delegated-administrator
Date published: 2009-04-21
Date of last update: 2009-04-21
Vendors contacted: Sun Microsystems
Release mode: Coordinated release
2. *Vulnerability Information*
Summary: Solaris and Linux file system behavior has changed over
time, breaking one of the assumptions in Postfix. See below for a
description of the behavior and how it disagrees with standards.
Postfix is not affected on systems with standard (POSIX, X/Open)
file system behavior, i.e. *BSD, AIX, MacOS, HP-UX, and very old
Sun/Linux systems. The fix and workarounds are simple.
There are efforts to get the non-standard behavior approved by
standards (a function called llink). Today's fix for Solaris, Linux
Next Page>>
|
