plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

Image

Featured Details

**Multiple ways to consume Secunia Research**

Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:

SVG

**Data Platform**

Data Platform leverages Secunia Research to provide high-level insights based on major or minor versions of software in your normalized inventory

Learn More

SVG

**Flexera One**

Flexera One utilizes Secunia Research (alongside public NVD data) to provide more granular matching of build-level versions of software in your normalized inventory within its IT Asset Management and IT Visibility solutions

Learn More

How it works

**Accurate, reliable vulnerability insights at your fingertips**

The Secunia Research team from Flexera is comprised of several security specialists who conduct vulnerability research in various products in addition to testing, verifying and validating public vulnerability reports. Since its inception in 2002, the goal of the Secunia Research team is to provide the most accurate and reliable source of vulnerability intelligence.

Delivering the world’s best vulnerability intelligence requires skill and passion. Team members continually develop their skills exploring various high-profile closed and open-source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. The team has received industry recognition, including naming members to Microsoft’s Most Valuable Security Researchers list.

Secunia researchers discover hard-to-find vulnerabilities that aren’t normally identified with techniques such as fuzzing, and the results have been impressive. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla and Apple.

The team produces invaluable security advisories based on research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patching efforts within Software Vulnerability Manager. Criticality scores are consistently applied along with details around attack vector and other valuable details within Software Vulnerability Research. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.

Informing IT, Transforming IT

**Industry insights to help keep you informed**

CVE-2010-4176: About Secunia Research | Flexera

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

CVE-2010-3832

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

CVE-2010-1810

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.

Image

Featured Details

**Multiple ways to consume Secunia Research**

Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:

SVG

**Data Platform**

Data Platform leverages Secunia Research to provide high-level insights based on major or minor versions of software in your normalized inventory

Learn More

SVG

**Flexera One**

Flexera One utilizes Secunia Research (alongside public NVD data) to provide more granular matching of build-level versions of software in your normalized inventory within its IT Asset Management and IT Visibility solutions

Learn More

How it works

**Accurate, reliable vulnerability insights at your fingertips**

The Secunia Research team from Flexera is comprised of several security specialists who conduct vulnerability research in various products in addition to testing, verifying and validating public vulnerability reports. Since its inception in 2002, the goal of the Secunia Research team is to provide the most accurate and reliable source of vulnerability intelligence.

Delivering the world’s best vulnerability intelligence requires skill and passion. Team members continually develop their skills exploring various high-profile closed and open-source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. The team has received industry recognition, including naming members to Microsoft’s Most Valuable Security Researchers list.

Secunia researchers discover hard-to-find vulnerabilities that aren’t normally identified with techniques such as fuzzing, and the results have been impressive. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla and Apple.

The team produces invaluable security advisories based on research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patching efforts within Software Vulnerability Manager. Criticality scores are consistently applied along with details around attack vector and other valuable details within Software Vulnerability Research. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.

CVE-2010-1578: About Secunia Research | Flexera

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

    The files contained in the archive link below are those that make use of a pdf exploit in order to jailbreak devices running Apple iOS.  These pdf's are of interest in that they originate in userland and give root access to the devices.
    
    https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/14538.7z (ios_pdf_exploit.7z)

CVE-2010-2973: Offensive Security’s Exploit Database Archive

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.

**3com Inc. (Inactive) Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**ARRIS Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Statement Date:   January 20, 2011**

**Vendor Statement**

We have not received a statement from the vendor.

**CERT Addendum**

The following products have been reported to be affected: ARRIS C3™ Cable Modem Termination System Firmware Release <=4.4.4.13

**Actelis Networks Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Alcatel-Lucent Enterprise Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Allied Telesis Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Alvarion (Inactive) Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Aperto Networks Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Apple Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Avaya Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Broadcom Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Ceragon Networks Inc Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Cisco Affected**

**D-Link Systems Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Dell Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Dell EMC Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Digicom Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**DrayTek Corporation Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Enablence Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Enterasys Networks Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Ericsson Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Fluke Networks Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Foundry Brocade Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Gilat Network Systems Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Guangzhou Gaoke Communications Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Hewlett Packard Enterprise Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Huawei Affected**

Updated: 2020-08-31

**Statement Date:   June 18, 2010**

**Vendor Statement**

We have not received a statement from the vendor.

**IWATSU Voice Networks Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Keda Communications Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Knovative Inc Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Lenovo Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Lutron Electronics Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Maipu Communication Technology Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Mitel Networks Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Motorola Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Netgear Inc. Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Nokia Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Nortel Networks Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Polycom Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Statement Date:   December 07, 2010**

**Vendor Statement**

We have not received a statement from the vendor.

**CERT Addendum**

The release notes for SoundPoint IP/SoundStation IP SIP software states that version 3.1.2 has closed the debug port. "47450: Port 17185 is open, presenting a security risk" http://downloads.polycom.com/voice/voip/relnotes/spip\_ssip\_v3\_1\_6\_Legacy\_release\_notes.pdf

**Proxim Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Rad Vision Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Ricoh Company Ltd. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**SEIKO EPSON Corp. / Epson America Inc. Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**SFR Affected**

Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**CERT Addendum**

newsoft reports that the SFR (formerly Neuf Cegetel and Neuf Telecom) Trio3C has the debug service enabled.

**SMC Networks Inc. Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Schneider Electric Affected**

Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**CERT Addendum**

The Modicon M340 with firmware version 2.5 was reported to run VxWorks 6.4 and have the debug port enabled.

**ShoreTel Inc. Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Siemens Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

Security Advisory Report - OBSO-1010-01 Enabled VxWorks debug service Creation Date: 2010-10-15 Last Update: 2010-10-15 Summary A security researcher has identified a large number of products based on the VxWorks platform provided by Wind River Systems with a debug service enabled by default at port 17185/udp. Vulnerability Details The debug service provides full access to the memory of an affected device and allows for memory to be written as well as functions to be called. Of the various products based on VxWorks, the following are not affected by this vulnerability: HiPath Wireless Convergence, RG 8700, optiPoint 410/420 SIP and HFA (V5). Affected Products HiPath 3000 (HG 1500 Gateway) HiPath 4000 (HG 35xx Gateway) optiPoint 410/420 HFA, versions before V5 optiPoint 600 office Recommended Actions In general, it is recommended not to attach the mentioned systems directly at the internet. Appropriate firewall rules should be implemented to restrict access to the debug service (17185/udp). The problem is solved in the following versions; an update to these or higher versions is highly recommended: HiPath 3000 V8: V8 R5.2.0 HiPath 4000 V4: V4 R4.1.12 HiPath 4000 V5: V5 R1.2.4 Please note: HiPath 3000 V7: You need to upgrade the HG 1500 gateway only. Please use V8 R5.2.0 for this. You may keep the system itself in V7. HiPath 3000 V6 and earlier have reached end of SW support; please consider an upgrade to V7 or V8 HiPath 4000 V3 and earlier have reached end of SW support; please consider an upgrade to V4 or higher. Some older, unsupported versions of optiPoint 410/420 HFA IP phones are also vulnerable. Please ensure, that V5 is installed on all phones. optiPoint 600 office has reached end of life since a few years already; an update is unfortunately not available References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2965 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html http://www.kb.cert.org/vuls/id/362332 Revision History 2010-10-15 Initial release Contact and Disclaimer OpenScale Baseline Security Office obso@siemens-enterprise.com © Siemens Enterprise Communications GmbH & Co KG 2010 Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners. ---End Vendor Statement-------------------------------------------------------------------

**CERT Addendum**

The vendor provided the above advisory information for their affected products.

**TRENDnet Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Tut Systems Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Wind River Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

Wind River has analyzed VU#362332, and determined that all versions of VxWorks could be vulnerable if the WDB agent is left enabled in production systems and the system is network attached. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow the remediation actions outlined in the SOLUTION section of the vulnerability post. Registered users can access Wind River's online support for more information by following this link: https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708 Or contact Wind River technical support for more information: http://windriver.com/support/

**CERT Addendum**

Within the VxWorks Kernel programmers guide it states: “For production systems, you will want to reconfigure VxWorks with only those components needed for deployed operation, and to build it as the appropriate type of system image. You will likely want to remove components required for host development support, such as the WDB target agent and debugging components (INCLUDE\_WDB and INCLUDE\_DEBUG), as well as to remove any other operating system components not required to support your application. Other considerations may include reducing the memory requirements of the system, speeding up boot time, and security issues.”

**Xerox Affected**

Notified:  2010-06-14 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**amx Affected**

Notified:  2010-06-29 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Canon Not Affected**

Notified:  2010-06-18 Updated: 2020-08-31

**CVE-2010-2965**

Not Affected

**Vendor Statement**

We have not received a statement from the vendor.

**Brocade Communication Systems Unknown**

Notified:  2010-08-03 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

**Intel Unknown**

Notified:  2010-07-02 Updated: 2020-08-31

**Vendor Statement**

We have not received a statement from the vendor.

CVE-2010-2965: CERT/CC Vulnerability Note VU#362332

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

CVE-2010-1775

The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.

CVE-2010-1756: Bugtraq

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

CVE-2010-1407: About the security content of iOS 4

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

Tag

#apple