Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 01 / 2009

System: Mandriva Linux
Topic: Vulnerability in avahi
Links: MDVSA-2009:031, CVE-2008-5081
ID: ae-200901-075

A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a Denial-of-Service (DoS, crash) via a crafted mDNS packet with a source port of 0. Version 0.6.24 remedies this problem.

System: Various
Topic: Vulnerability in HP Select Access
Links: HPSBMA02403 SSRT090007, CVE-2009-0204, ESB-2009.0103
ID: ae-200901-074

A security vulnerability has been identified with HP Select Access running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to allow cross-site scripting (XSS). A patch to fix this problem is available now.

System: Sun Solaris
Topic: Vulnerabilities in kernel and samba
Links: Sun Alert #240086, Sun Alert #248026, ESB-2009.0107, ESB-2009.0111, Sun Alert #249086, ESB-2009.0108
ID: ae-200901-073

A security vulnerability in the Solaris ip(7P) kernel module's IP-in-IP packet processing may allow a local unprivileged user to cause a system panic, resulting in a Denial of Service (DoS).
A heap-based buffer overflow in the Samba client (SMBCLIENT(1)) may allow a remote unprivileged user to execute arbitrary code using a crafted SMB response.
Patches are available now.

System: openSUSE 11.0
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: SUSE-SA:2009:008
ID: ae-200901-072

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 11.0. An updated Linux kernel fixes these problems.

System: Various
Topic: Vulnerabilities in Red Hat Certificate System
Links: RHSA-2009-0006, CVE-2008-2367, CVE-2008-2368, CVE-2008-5082, ESB-2009.0101
ID: ae-200901-071

It was discovered that Red Hat Certificate System uses insecure default file permissions on certain configuration files and stores plain text passwords in multiple debug log files with insufficient access restrictions. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in ntp
Links: RHSA-2009-0046, CVE-2009-0021, ESB-2009.0102
ID: ae-200901-070

A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in moin
Links: DSA-1715, CVE-2009-0260, CVE-2009-0312, ESB-2009.0100
ID: ae-200901-069

It was discovered that the AttachFile action in moin, a Python clone of WikiWiki, is prone to cross-site scripting attacks. Another cross-site scripting vulnerability was discovered in the antispam feature. Fixed packages are available now.

System: Turbolinux
Topic: Vulnerabilities in phpMyAdmin
Links: TLSA-2009-3, CVE-2008-5621, CVE-2008-5622
ID: ae-200901-068

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases over the Web. Two different Cross-Site Request Forgery (CSRF) attacks were found, leading to SQL injection and unauthorized action, respectively. Please update your systems.

System: Sun Solaris
Topic: Vulnerability in IPv6 implementation
Links: Sun Alert #251006, CVE-2009-0304, ESB-2009.0099
ID: ae-200901-067

An insufficient validation security vulnerability in the Solaris IPv6 implementation (ip6(7p)) may allow a remote privileged user to panic the system using a crafted packet. This is a type of Denial-of-Service (DoS). A workaround as well as a patch is available now.

System: Various
Topic: Vulnerability in Sun Java System Access Manager
Links: Sun Alert 242046, ESB-2009.0097
ID: ae-200901-066

A security vulnerability in Sun Java System Access Manager may allow a remote unprivileged user to determine the existence of "guessed" usernames. Updated software remedies this potential problem.

System: Debian GNU/Linux
Topic: Vulnerabilities in rt2400, rt2500, and rt2570
Links: DSA-1712, DSA-1713, DSA-1714, CVE-2009-0282, ESB-2009.0096
ID: ae-200901-065

It has been discovered that an integer overflow in the "Probe Request" packet parser of the Ralinktech wireless drivers might lead to remote Denial-of-Service or the execution of arbitrary code. Updated packages are available now.

System: Various
Topic: Vulnerability in Autonomy Ultraseek
Links: Ultraseek, VU#202753
ID: ae-200901-064

The Autonomy Ultraseek search engine contains a URL redirection vulnerability. The destination URL can be obfuscated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website. Updated software seems to be available.

System: Turbolinux
Topic: Vulnerabilities in php
Links: CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, TLSA-2009-2
ID: ae-200901-063

Multiple vulnerabilities have been discovered in php. They can be patched now by installing the latest version.

System: Sun Solaris
Topic: Vulnerability in Sun Solaris "autofs" Kernel Module
Links: Sun Alert #249966, ESB-2009.0095
ID: ae-200901-062

A security vulnerability in the Solaris "autofs" kernel module may allow a local unprivileged user to cause "autofs" mounts to break, which is a type of Denial-of-Service (DoS). In rare occurrences, this may allow an unprivileged user to execute code as a root user. A patch is available now.

System: Various
Topic: Vulnerabilities in the CA Anti-Virus Engine
Links: CA20090126-01, CVE-2009-0042, ESB-2009.0094
ID: ae-200901-061

The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats. CA has released a new Anti-Virus engine to address the vulnerabilities.

System: Microsoft Windows
Topic: Vulnerability in CA Cohesion Tomcat
Links: CA20090123-01, ESB-2009.0093
ID: ae-200901-060

Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Please refer to the advisory to get a full list of the CVE identifiers ranging from 2005 to 2008.

System: Mandriva Linux
Topic: Vulnerabilities in php/php4, pidgin, phpMyAdmin, CUPS, and amarok
Links: MDVSA-2009:021, MDVSA-2009:022, MDVSA-2009:023, MDVSA-2009:024, CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2371, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498,
MDVSA-2009:025, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532,
MDVSA-2009:026, CVE-2008-4775, CVE-2008-5621, CVE-2008-5622, ESB-2009.0091,
MDVSA-2009:027, MDVSA-2009:028, MDVSA-2009:029, CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2009-0032, ESB-2009.0092,
MDVSA-2009:030, CVE-2009-0135, CVE-2009-0136
ID: ae-200901-059

The programs above show vulnerabilities which should be fixed now using the latest patches.

System: Sun Solaris
Topic: Vulnerability in Solaris Pseudo-terminal Driver
Links: Sun Alert #249586, ESB-2009.0090
ID: ae-200901-058

A race condition security vulnerability in the Solaris pseudo-terminal driver (pty(7D)) module may allow a local unprivileged user to panic the system causing a Denial-of-Service (DoS). A patch is available now.

System: Sun Solaris
Topic: Vulnerability caused by IKE Packet Handling
Links: Sun Alert #247406, ESB-2009.0089
ID: ae-200901-057

A security vulnerability in IKE packet handling in the libike library shipped with Solaris may allow a remote unprivileged user to crash the in.iked(1M) daemon, which is a type of Denial-of-Service (DoS). A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in TYPO3
Links: DSA-1711, CVE-2009-0255, CVE-2009-0256, CVE-2009-0257, CVE-2009-0258, ESB-2009.0088
ID: ae-200901-056

Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. Fixed packages are available now.

System: Many
Topic: Vulnerability in EMC AutoStart
Links: ZDI-09-009, ESB-2009.0086
ID: ae-200901-055

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC AutoStart. The specific flaw exists within the Backbone service (ftbackbone.exe) which listens by default on TCP port 8042. The process trusts a DWORD value from incoming packets which it arbitrarily calls. Exploitation of this issue leads to code execution under the context of the SYSTEM user. EMC AutoStart 5.3 SP2 addresses this issue.

System: Debian GNU/Linux
Topic: Vulnerability in ganglia-monitor-core
Links: DSA-1710, CVE-2009-0241, ESB-2009.0087
ID: ae-200901-054

A stack-based buffer overflow was discovered in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable arbitrary code execution. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in CUPS
Links: MDVSA-2009:028, CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2009-0032
ID: ae-200901-053

CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a Denial-of-Service (DoS) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux also allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerability in OpenSSL certificate checking
Links: SUSE-SA:2009:006, CVE-2008-5077
ID: ae-200901-052

The OpenSSL certificate checking routine EVP_VerifyFinal can return negative values as well as 0 on failure. In some places negative values are not checked and are treated as successful verification. Prior to the latest update, it was possible to bypass the certificate chain checks of OpenSSL.

System: Sun Solaris
Topic: Vulnerability in kernel
Links: Sun Alert #250066, ESB-2009.0084
ID: ae-200901-051

A security vulnerability in the sun4v kernel for Sun UltraSPARC T2 and UltraSPARC T2+ systems may allow a local unprivileged user to panic the system, which is a type of Denial of Service (DoS). A patch is available now.

System: Various
Topic: Vulnerability in Sun Java System Application Server
Links: Sun Alert 245446, ESB-2009.0083
ID: ae-200901-050

A security vulnerability in Sun Java System Application Server may allow a remote unprivileged user to read Web Application configuration files in WEB-INF and META-INF directories. Patches are available now.

System: Mandriva Linux
Topic: Vulnerabilities in xine-lib
Links: MDVSA-2009:020, CVE-2008-3231, CVE-2008-5233, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5243, CVE-2008-5245, CVE-2008-5246, ESB-2009.0085
ID: ae-200901-049

Several vulnerabilities were found in xine-lib. Fixed packages are available now.

System: openSUSE 10.3
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: SUSE-SA:2009:004
ID: ae-200901-048

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 10.3. An updated Linux kernel fixes these problems.

System: Various
Topic: Vulnerabilities in Apple Safari
Links: APPLE-SA-2009-01-21, APPLE-SA-2009-01-21, AL-2009.0006, ESB-2009.0081
ID: ae-200901-047

Several vulnerabilities were found in Apple QuickTime and in the QuickTime MPEG-2 Playback Component. Fixed software is available now.

System: Cisco
Topic: Vulnerability in Cisco Unified Communications Manager
Links: Cisco, CVE-2009-0057, ESB-2009.0080
ID: ae-200901-046

Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this vulnerability could cause an interruption in voice services. Cisco has released free software updates that address this vulnerability.

System: Cisco
Topic: Vulnerability in Cisco Security Manager
Links: Cisco, CVE-2008-3820, AL-2009.0005
ID: ae-200901-045

Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server. Cisco has released free software updates that address this vulnerability.

System: Debian GNU/Linux
Topic: Vulnerability in shadow
Links: DSA-1709, CVE-2008-5394
ID: ae-200901-044

It was discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows
Links: TA09-020A, ESB-2009.0076
ID: ae-200901-043

Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability. A workaround is described in the advisory.

System: Sun Solaris
Topic: Vulnerability in vncviewer
Links: Sun Alert #248526, CVE-2008-4770, ESB-2009.0066
ID: ae-200901-042

A security vulnerability in the vncviewer(1) RFB protocol validation may allow execution of arbitrary code and lead to a Denial-of-Service (DoS). A patch is available now.

System: Various
Topic: Vulnerabilities in Sun Java System Access Manager
Links: Sun Alert 242166, Sun Alert 249106, CVE-2009-0169, CVE-2009-0170, ESB-2009.0077, ESB-2009.0078
ID: ae-200901-041

A security vulnerability in the Sun Java System Access Manager may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console. A security vulnerability in Sun Java System Access Manager may allow a sub-realm administrator to escalate their privileges and access the root realm as an administrator. Patches are available now.

System: Various
Topic: Vulnerability in HP OpenView Network Node Manager
Links: HPSBMA02400 SSRT080144, CVE-2008-0067, ESB-2009.0073
ID: ae-200901-040

Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. A patch to fix this problem is available now.

System: openSUSE 11.0
Topic: Vulnerabilities in Linux Kernel 2.6.x
Links: SUSE-SA:2009:003
ID: ae-200901-039

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 11.0. An updated Linux kernel fixes these problems.

System: SuSE Linux
Topic: Vulnerabilities in imlib2, valgrind, kvm, cups, lynx, and xterm
Links: SUSE-SR:2009:002
ID: ae-200901-038

A SUSE Security Summary reports on vulnerabilities in the packages wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, and opera. Updated packages are available now and should be installed on vulnerable systems.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in dovecot
Links: RHSA-2009-0205, CVE-2008-4577, CVE-2008-4870, ESB-2009.0075
ID: ae-200901-037

A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. A password disclosure flaw was found with Dovecot's configuration file. If a system had the "ssl_key_password" option defined, any local user could view the SSL key password. Fixed packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-0225, CVE-2008-5029, CVE-2008-5079, CVE-2008-5182, ESB-2009.0074
ID: ae-200901-036

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 5. Fixed kernel packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in squirrelmail
Links: RHSA-2009-0057, CVE-2009-0030, ESB-2009.0070
ID: ae-200901-035

SquirrelMail is a webmail package written in PHP. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. Updated packages solve this vulnerability.

System: Debian GNU/Linux
Topic: Vulnerabilities in GIT
Links: DSA-1708, CVE-2008-5516, CVE-2008-5517, ESB-2009.0071
ID: ae-200901-034

Several vulnerabilities have been found in gitweb, the web interface for the Git version control system. Remote attackers might use specially crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality. Additionally, local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server. Updated packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec AppStream Client
Links: AV09-004, ESB-2009.0067
ID: ae-200901-033

A vulnerability in Symantec AppStream Client has been found. An attacker can exploit this issue by luring a user to download and execute code via a malicious webpage. This could result in a browser crash or allow unauthorized access to add, modify, overwrite or corrupt existing files on the targeted system. Unauthorized access to the vulnerable LaunchObj ActiveX control could result in possible arbitrary code execution in the context of the client. An updated version is available now.

System: Sun Solaris
Topic: Vulnerability in libxml2
Links: Sun Alert #247346, CVE-2008-3529, ESB-2009.0066
ID: ae-200901-032

A security vulnerability in the libxml2 library bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted XML file to cause a Denial-of-Service (DoS) to the application which is using the libxml2 library. A patch is available now.

System: Sun Solaris
Topic: Vulnerability in Apache 1.3 mod_perl
Links: Sun Alert #248386, CVE-2007-1349, ESB-2009.0064
ID: ae-200901-031

A security vulnerability in Solaris related to the Apache HTTP server may affect the Apache 1.3 web server bundled with Solaris 8, 9 and 10. The vulnerability, a Denial-of-Service (DoS) in the "RunPerl.pm" component of the mod_perl(3) Apache server module, may allow a remote unprivileged user to cause a Denial-of-Service to the Apache "httpd" process. A patch is available now.

System: Various
Topic: Vulnerabilities in Drupal 3rd party modules
Links: DRUPAL-SA-CONTRIB-2009-003, ESB-2009.0057
DRUPAL-SA-CONTRIB-2009-004, ESB-2009.0063
ID: ae-200901-030

The third-party i18n module enables users to make a translation of an existing item of content (a node). In that process the existing node's content is copied into the new node. The module contains a flaw that allows a user with the 'translate node' permission to potentially bypass normal viewing access restrictions, for example allowing the user to see the content of unpublished nodes even if they don't have permission to view unpublished nodes.
A user triggering the cron processing of the Notify module may end up getting logged in as another user when the Notify operations do not complete successfully.
Updates solve these potential problems. Please be aware that Drupal core is not affected.

System: Mandriva Linux
Topic: Vulnerabilities in qemu, kvm, virtualbox, mozilla-thunderbird, mplayer, xen, Apache Tomcat, and imlib2
Links: MDVSA-2009:008, CVE-2008-5714, CVE-2008-2382, ESB-2009.0056,
MDVSA-2009:009, CVE-2008-5714, CVE-2008-2382, ESB-2009.0056,
MDVSA-2009:010, CVE-2008-2382,
MDVSA-2009:011, CVE-2008-5256,
MDVSA-2009:012, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512,
MDVSA-2009:013, MDVSA-2009:014, CVE-2008-4866, CVE-2008-4867, CVE-2008-5616,
MDVSA-2009:016, CVE-2008-0928, CVE-2008-4405, CVE-2008-4993,
MDVSA-2009:018, CVE-2007-5333,
MDVSA-2009:019, CVE-2008-5187
ID: ae-200901-029

The programs above show vulnerabilities which should be fixed now using the latest patches.

System: Various
Topic: Some Vulnerabilities in Drupal
Links: DRUPAL-SA-2009-001, ESB-2009.0058
ID: ae-200901-028

Multiple vulnerabilities have been discovered in Drupal Core. Fixed software is available and should be installed now. Please don't use versions of Drupal below 5.15 or 6.9, respectively.

System: Sun Solaris 10
Topic: Vulnerabilities in lpadmin and ppdmgr
Links: Sun Alert #249306, ESB-2009.0055, ESB-2009.0109
ID: ae-200901-027

Security vulnerabilities in the Solaris lpadmin(1M) and the ppdmgr(1M) print utilities may, under specific circumstances, allow local unprivileged users to cause a Denial-of-Service (DoS) to certain system services or to the system as a whole. A patch solves this problem.

System: Sun Solaris
Topic: Vulnerabilities in posix_fallocate System Call
Links: Sun Alert #239188, CVE-2009-0131, CVE-2009-0132, ESB-2009.0054
ID: ae-200901-026

A security vulnerability relating to the posix_fallocate(3C) system call may allow a local unprivileged user to panic the system, which is a type of Denial-of-Service (DoS). A patch remedies this problem.

System: Cisco
Topic: Vulnerabilities in Cisco IOS
Links: Cisco, CVE-2008-3821, ESB-2009.0053
ID: ae-200901-025

Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities have been reported to Cisco by two independent researchers. Further information is provided in the advisory. As a workaround, the HTTP server can be disabled; fixed versions are also available now.

System: Cisco
Topic: Vulnerabilities in IronPort Encryption Appliance
Links: Cisco, CVE-2009-0053, CVE-2009-0054, CVE-2009-0055, CVE-2009-0056, ESB-2009.0052
ID: ae-200901-024

IronPort PXE Encryption is an e-mail encryption solution that is designed to secure e-mail communications without the need for a Public Key Infrastructure (PKI) or special agents on receiving systems. The IronPort PXE Encryption solution is affected by two vulnerabilities that could allow unauthorized individuals to view the contents of secure e-mail messages. Furthermore, the IronPort Encryption Appliance devices contain two vulnerabilities that could allow unauthorized users to gain access to the IronPort Encryption Appliance administration interface and modify other users' settings. Cisco has released free software updates that address these vulnerabilities.

System: Cisco
Topic: Vulnerability in Cisco ONS
Links: Cisco, CVE-2008-3818, ESB-2009.0051
ID: ae-200901-023

The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contain a vulnerability when processing TCP traffic streams that may result in a reload of the device control card. Cisco has released free software updates that address this vulnerability, which is a Denial-of-Service (DoS).

System: Debian GNU/Linux
Topic: Vulnerabilities in xulrunner
Links: DSA-1704, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512, ESB-2009.0050
ID: ae-200901-022

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. Possible consequences include integer overflows, disclosure of sensitive data, and the ability to run arbitrary JavaScript code. An updated package solves these problems.

System: Mandriva Linux
Topic: Vulnerabilities in ffmpeg and kdebase
Links: MDVSA-2009:015, CVE-2008-4866, CVE-2008-4867, ESB-2009.0068,
MDVSA-2009:017, CVE-2007-5963, ESB-2009.0069
ID: ae-200901-021

Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code and incorrect handling of DCA_MAX_FRAME_SIZE value.
A vulnerability in KDM allowed a local user to cause a denial of service via unknown vectors.
Fixed packages are available now.

System: Various
Topic: Vulnerabilities in Red Hat Certificate System
Links: RHSA-2009-0006, CVE-2008-2367, CVE-2008-2368, ESB-2009.0059
ID: ae-200901-020

It was discovered that Red Hat Certificate System uses insecure default file permissions on certain configuration files and stores plain text passwords in multiple debug log files with insufficient access restrictions. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in netatalk and amarok
Links: DSA-1705, CVE-2008-5718, ESB-2009.0060
DSA-1706, ESB-2009.0061
ID: ae-200901-019

It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code.
It was discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
Fixed packages are available now.

System: Cisco Global Site Selector Appliances
Topic: Vulnerability in DNS
Links: Cisco, CVE-2008-3819, ESB-2009.0016
ID: ae-200901-018

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability.

System: Various
Topic: Vulnerabilities in Oracle products
Links: Oracle, AU-2009.0004
ID: ae-200901-017

Oracle has published a Critical Patch Update for many different products. The October advisory addresses 41 security-related problems, so it's recommended to update vulnerable systems as soon as possible.

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows
Links: MS09-001, CVE-2008-4114, CVE-2008-4834, CVE-2008-4835, AL-2008.0003
ID: ae-200901-016

No further comment due to legal reasons

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.6.0-ibm and java-1.5.0-ibm
Links: RHSA-2009-0015, RHSA-2009-0016, ESB-2009.0045
ID: ae-200901-015

Several vulnerabilities were found in the IBM Java releases. Affected are the packages java-1.6.0-ibm and java-1.5.0-ibm. Fixed packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, and opera
Links: SUSE-SR:2009:001
ID: ae-200901-014

A SUSE Security Summary reports on vulnerabilities in the packages wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, and opera. Updated packages are available now and should be installed on vulnerable systems.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-0014, CVE-2008-3275, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5300, CVE-2008-5702, ESB-2009.0049
ID: ae-200901-013

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 4. Fixed kernel packages are available now.

System: Various
Topic: Vulnerability in ntpd
Links: CVE-2009-0021, DSA-1702, ESB-2009.0039, FreeBSD-SA-09:03, ESB-2009.0046, MDVSA-2009:007, RHSA-2009-0046
ID: ae-200901-012

It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in squirrelmail and avahi
Links: RHSA-2009-0010, CVE-2008-2379, CVE-2008-3663, ESB-2009.0036,
RHSA-2009-0013, CVE-2008-5081, ESB-2009.0037
ID: ae-200901-011

Several vulnerabilities were found in squirrelmail.
A denial of service flaw was discovered in avahi-daemon. A remote attacker on the same local area network (LAN) could send a specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon to exit unexpectedly due to a failed assertion check.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in gforge, zaptel, and lasso
Links: DSA-1698, CVE-2008-2381, ESB-2009.0028
DSA-1699, CVE-2008-5396, CVE-2008-5744, ESB-2009.0029
DSA-1700, CVE-2009-0050, ESB-2009.0030
ID: ae-200901-010

It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection.
An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory.
It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function.
Fixed packages are available now.

System: Red Hat Enterprise Linux 2.1
Topic: Vulnerabilities in Kernel
Links: RHSA-2009-0001, CVE-2006-4814, CVE-2007-3848, CVE-2007-4308, CVE-2007-6063, CVE-2008-0007, CVE-2008-2136, CVE-2008-3275, CVE-2008-3525, CVE-2008-4210, ESB-2009.0023
ID: ae-200901-009

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 2.1. Fixed kernel packages are available now.

System: Cisco Global Site Selector Appliances
Topic: Vulnerability in DNS
Links: Cisco, CVE-2008-3819, ESB-2009.0016
ID: ae-200901-008

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability.

System: Various
Topic: Vulnerability in BIND
Links: CVE-2009-0025, ESB-2009.0017, RHSA-2009-0025.html, ESB-2009.0024, DSA-1703, ESB-2009.0040, FreeBSD-SA-09:04, ESB-2009.0047, OpenBSD, SUSE-SA:2009:005, Sun Alert #250846, ESB-2009.0098, MDVSA-2009:037
ID: ae-200901-007

A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in xen, gnome-vfs, gnome-vfs2, dbus, lcms, and xterm
Links: RHSA-2009-0003, CVE-2008-4405, CVE-2008-4993, ESB-2009.0008,
RHSA-2009-0005, CVE-2005-0706, ESB-2009.0010,
RHSA-2009-0008, CVE-2008-3834, ESB-2009.0011,
RHSA-2009-0011, CVE-2008-5316, CVE-2008-5317, ESB-2009.0012,
RHSA-2009-0018, CVE-2008-2383, ESB-2009.0013
ID: ae-200901-006

Several vulnerabilities were found in xen.
A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine.
A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with a malformed signature to the bus causing the bus to abort.
Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened.
A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window.
Fixed packages are available now.

System: Various
Topic: Vulnerability in openssl
Links: CVE-2008-5077, RHSA-2009-0004.html, ESB-2009.0009, FreeBSD-SA-09:02, ESB-2009.0020, MDVSA-2009:001, DSA-1701, ESB-2009.0038, OpenBSD, Sun Alert #250826, ESB-2009.0110
ID: ae-200901-005

A flaw was discovered in the way OpenSSL checks the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. Fixed software is available now.

System: Red Hat Enterprise Linux 2.1
Topic: Vulnerabilities in Kernel
Links: RHSA-2008-0787, CVE-2006-4538, CVE-2006-4814, CVE-2007-2172, CVE-2007-3848, CVE-2007-4308, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-2136, CVE-2008-3275, CVE-2008-3525, CVE-2008-4210, ESB-2009.0004
ID: ae-200901-004

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 2.1. Fixed kernel packages are available now.

System: Sun Solaris
Topic: Vulnerability in Sun SNMP Management Agent
Links: Sun Alert #248646, CVE-2008-5746, ESB-2008.1163
ID: ae-200901-003

An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges. A patch remedies this problem.

System: FreeBSD
Topic: Vulnerability in protosw
Links: FreeBSD-SA-08:13, CVE-2008-5736, ESB-2008.1160
ID: ae-200901-002

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. Due to this, a local user can cause the FreeBSD kernel to execute arbitrary code. An update and a patch solve this problem, respectively.

System: Debian GNU/Linux
Topic: Vulnerabilities in xterm and ruby
Links: DSA-1694, CVE-2008-2383, ESB-2009.0001,
DSA-1695, CVE-2008-3443, ESB-2009.0002
ID: ae-200901-001

Xterm is a terminal emulator for the X Window System. It places arbitrary characters into the input buffer when displaying certain crafted escape sequences. Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a Denial-of-Service condition. Both vulnerabilities can be avoided by installing the corresponding updates.



(c) 2000-2014 AERAsec Network Services and Security GmbH