Dear dann frazier, Can you please provide valid CVE for this advisory, if any? CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. --Thursday, June 7, 2007, 9:52:59 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: df> -----BEGIN PGP SIGNED MESSAGE----- df> Hash: SHA1 df> - df> --------------------------------------------------------------------------- df> Debian Security Advisory DSA 1299-1 security@xxxxxxxxxx df> http://www.debian.org/security/ dann frazier df> June 7th, 2007 df> http://www.debian.org/security/faq df> - df> --------------------------------------------------------------------------- df> Package : ipsec-tools df> Vulnerability : missing input sanitising df> Problem-Type : remote df> Debian-specific: no df> CVE ID : CVE-2007-2524 df> It was discovered that a specially-crafted packet sent to the racoon df> ipsec key exchange server could cause a tunnel to crash, resulting in df> a denial of service. df> The oldstable distribution (sarge) isn't affected by this problem. df> For the stable distribution (etch) this problem has been fixed in df> version 1:0.6.6-3.1. df> The unstable distribution (sid) will be fixed soon. df> We recommend that you upgrade your racoon package. df> Upgrade Instructions df> - --------------------- df> wget url df> will fetch the file for you df> dpkg -i file.deb df> will install the referenced file. df> If you are using the apt-get package manager, use the line for df> sources.list as given below: df> apt-get update df> will update the internal database df> apt-get upgrade df> will install corrected packages df> You may use an automated update by adding the resources from the df> footer to the proper configuration. df> Debian GNU/Linux 4.0 alias etch df> - -------------------------------- df> Source archives: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1.dsc df> Size/MD5 checksum: 714 8b0036099ce66a7cbe83e54d0b904af2 df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1.diff.gz df> Size/MD5 checksum: 49981 087edd1d11957b09b2171900a9b11861 df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6.orig.tar.gz df> Size/MD5 checksum: 914807 643a238e17148d242c603c511e28d029 df> Alpha architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_alpha.deb df> Size/MD5 checksum: 97060 2532ce5a61a9ddda86d2dc2b6c2fee0d df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_alpha.deb df> Size/MD5 checksum: 376370 d20d19e5fa8943b80a1a5678044e578c df> AMD64 architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_amd64.deb df> Size/MD5 checksum: 89052 8ff0a34a1fca0e232edcee6827233760 df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_amd64.deb df> Size/MD5 checksum: 341854 44f25a0b80eb783aa1c8f6a971ca237d df> ARM architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_arm.deb df> Size/MD5 checksum: 89788 d5378073f43820e820d5abfab4ea19ac df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_arm.deb df> Size/MD5 checksum: 325002 fc60192e280377c8d802827fb35e9ccf df> HP Precision architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_hppa.deb df> Size/MD5 checksum: 93882 6a44a4a6f99bd607c47b993eb02ede0a df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_hppa.deb df> Size/MD5 checksum: 354128 130b95fb7d817148acc080b87d650033 df> Intel IA-32 architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_i386.deb df> Size/MD5 checksum: 84608 a5ae0d2e2a6c804a7bc28bd78b89b9a8 df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_i386.deb df> Size/MD5 checksum: 329946 ecf6c9f4b86fa32b24ef7d395ec786bc df> Intel IA-64 architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_ia64.deb df> Size/MD5 checksum: 113136 8bda8ebe0253f6a122ed55ae5594061c df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_ia64.deb df> Size/MD5 checksum: 467976 f10fd34a1511d2115429a07aa66c9505 df> Big endian MIPS architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_mips.deb df> Size/MD5 checksum: 89766 66e65d7dd8997376ec87419b9e578635 df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_mips.deb df> Size/MD5 checksum: 344828 091f455c5364c6e086ccf3bab88b118d df> Little endian MIPS architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_mipsel.deb df> Size/MD5 checksum: 90078 23c815af2dd3b8caafbf51a36cc10f7e df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_mipsel.deb df> Size/MD5 checksum: 346628 c31717b5c9d124fb762dd6bff3f05179 df> PowerPC architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_powerpc.deb df> Size/MD5 checksum: 90846 a90d219725f00bb471e50b959dba126a df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_powerpc.deb df> Size/MD5 checksum: 336966 cfe0376c21ac35af5ece94222a4d1642 df> IBM S/390 architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_s390.deb df> Size/MD5 checksum: 90524 d51eafa7b1a6148c3cf81bfbe9dd512e df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_s390.deb df> Size/MD5 checksum: 341322 888ca59e56b0aec906d7e1dfb854c2f9 df> Sun Sparc architecture: df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_sparc.deb df> Size/MD5 checksum: 85938 57cff108c12ce7b3783a7e905e8afceb df> df> http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_sparc.deb df> Size/MD5 checksum: 318274 c2f8458fa25cd0b0b1857bcd3a6d827b df> These files will probably be moved into the stable distribution on df> its next update. df> - df> ---------------------------------------------------------------------------------- df> For apt-get: deb http://security.debian.org/ stable/updates main df> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main df> Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx df> Package info: `apt-cache show <pkg>' and df> http://packages.debian.org/<pkg> df> -----BEGIN PGP SIGNATURE----- df> Version: GnuPG v1.4.6 (GNU/Linux) df> iD8DBQFGaEU7huANDBmkLRkRAtVOAJ9G5dNX9JyzklUMCxCpcCPJ5frr8wCdH9U5 df> 6q7ng9jVMSwJEDZBjT7ykKw= df> =AF46 df> -----END PGP SIGNATURE----- -- ~/ZARAZA http://securityvulns.com/
