@RISK: The Consensus Security Alert - Part 1 http://www.sans.org/newsletters/risk/display.php All Updates From Part 1 of Vol: 9 - Issue: 6 en-us (C) SANS Institute 2010 webmaster@sans.org SANS RSS Feed http://www.sans.org/images/rss_logo.gif http://www.sans.org/newsletters/risk/display.php SANS 2009 http://www.sans.org/info/35964/ http://www.sans.org/info/35964/ More than 35 courses, SANS top instructors, all in one great place! SANS 2009 is being held in Orlando, FL on March 2-9. Register today! (1) HIGH: Apple iPhone and Apple iPod Touch Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely1 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely1 Category: Widely Deployed Software

Affected:

  • iPhone OS 3.1.3
  • iPhone OS 3.1.3 for iPod touch

]]> (2) HIGH: IBM DB2 Buffer Overflow and Denial of Service Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely2 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely2 Category: Widely Deployed Software

Affected:

  • IBM DB2 version 9.7 and prior

]]> (3) MODERATE: Apache mod_proxy Integer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely3 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely3 Category: Widely Deployed Software

Affected:

  • Apache 1.3.x

]]> (4) MODERATE: Multiple Hitachi Products Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely4 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely4 Category: Widely Deployed Software

Affected:

  • Cosminexus Version 8
  • Cosminexus Version 7
  • Cosminexus Version 6.x
  • Cosminexus Version 5
  • Cosminexus Version 4
  • uCosminexus Navigation Platform(*2)
  • uCosminexus Navigation Platform - User License(*2)
  • uCosminexus Navigation Platform - Authoring License(*2)
  • uCosminexus Navigation Developer(*2)
  • Electronic Form Workflow Set(*2)
  • Electronic Form Workflow - Professional Set(*2)
  • Electronic Form Workflow - Developer Set(*2)
  • Electronic Form Workflow - Standard Set(*2)
  • Electronic Form Workflow - Professional Library Set(*2)
  • Electronic Form Workflow - Developer Client Set(*2)
  • uCosminexus Collaboration - Server(*2)
  • Groupmax Collaboration - Server(*2)
  • uCosminexus/OpenTP1 Web Front-end Set(*2)
  • Cosminexus/OpenTP1 Web Front-end Set(*2)
  • uCosminexus Portal Framework Entry Set(*3)
  • Cosminexus/OpenTP1 Web Front-end Set
  • Electronic Form Workflow 7.x
  • Groupmax Collaboration - Server
  • Hitachi Developer's Kit for Java
  • Hitachi Electronic Form Workflow 6.x
  • Hitachi Processing Kit for XML

]]> (5) MODERATE: yaSSL Certificate handling Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely5 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely5 Category: Widely Deployed Software

Affected:

  • yaSSL Library 1.x

]]> (6) MODERATE: Wireshark Multiple Buffer Overflow Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely6 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely6 Category: Widely Deployed Software

Affected:

  • Wireshark 1.x

]]> (7) MODERATE: Ingres Database Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely7 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely7 Category: Widely Deployed Software

Affected:

  • Ingres Database 9.3 and prior

]]> (8) LOW: IRCD-Hybrid and ircd-ratbox Integer Underflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely8 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely8 Category: Widely Deployed Software

Affected:

  • ircd-ratbox 2.2.x
  • ircd-ratbox 2.0 rc7
  • ircd-ratbox 2.0 rc6
  • ircd-hybrid 7.x

]]>