Highly critical Samba vulnerability

Applies to versions 3.0.0 - 3.0.29 (current Arch version from extra repo is 3.0.28A):
http://www.samba.org/samba/security/CVE-2008-1105.html

It is known.  http://bugs.archlinux.org/task/10526 
The usual maintainer is currently away so the devs are being careful not to break the package in their efforts to fill in for him.

Similar Messages

  • Is AsyncOS vulnerable to New Critical GLibc Vulnerability CVE-2015-0235 (aka Ghost)

    Raising for awareness in the community.
    New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
    https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
    Raised a support case and current update is Cicso is investigating if AsynOS is vulnerable
    Paul

    Currently it is being reviewed and looked into:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=37181
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

  • Are BlackBerry products affected by Samba vulnerability, CVE-2015-0240?

    Samba versions 3.5.0 to 4.2.0rc4 are now known to have a remote code execution vulnerability, CVE-2015-0240. [1] Are BlackBerry products affected?
    [1] https://www.samba.org/samba/security/CVE-2015-0240

    We have updated the release notes to indicate following-
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (eg- 3.8.x) 
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • ***** Highly Critical URGENT *****

    Our BASIS guys have done the system copy/refresh from the prod box to preprod BI.
    I want to know what BI Configurations / Functional Tasks has to be done after the refresh.
    Could you please give me BEST advice. which transactions to look for etc...
    Please help this is highly urgent task. I will reward full points.*****

    Hi Asif,
    Check this
    SAP Note-886102
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bw_whm/~form/handler
    Also check these links
    http://www.sapfans.com/forums/viewtopic.php?p=850405&sid=d8113ddd8d035e17d3ce1b09adb1f504
    Check this thread too
    /thread/333172 [original link is broken]
    Hope this clears
    Regards
    Karthik

  • Its getting as bad as Windows...

    I switched from Windows to avoid the many OS glitches. But I get the same things on OS X. For example:
    1) The CrashDump utility crashes every time I boot! I dutifully report this to Apple, but no response or fixes. Phone support was clueless-0-told me to dump the caches.
    2) Spinning wheels = reboot. You cannot always kill
    applications, even with force quit. Doing a ps yields a state of D. This means it cannot be killed. The only solution is a reboot. I have lots of things on my system, but that is why I spent $8k on a powerful computer!
    3) Glacially slow fixes, even for security problems. For example, Apple has known about a bug in X11 cursor for over a year (http://www.macosxhints.com/article.php?story=20060316124704289&query=x11) and it still has not been fixed! It took 6 months to fix the critical samba vulnerability. Java is still at version 1.5.07, which is *5 versions* behind in security patches. Why don't we have version 1.6 too? I am in the Developer Association, and the 1.6 there is still a pre-release version that is buggy and also has serious security problems. Apple does not seem to like Java. Since I am a Java developer, this is a problem. At least Microsoft fixes their bugs!
    Steve Jobs is a great salesman, but I really doubt that he does power computing--otherwise some of this would be fixed.

    Here is the crash dump log:
    Host Name: jarmac
    Date/Time: 2007-08-09 12:29:08.101 -0400
    OS Version: 10.4.10 (Build 8R2218)
    Report Version: 4
    Command: crashdump
    Path: /usr/libexec/crashdump
    Parent: crashreporterd [179]
    Version: ??? (???)
    PID: 388
    Thread: 0
    Exception: EXC_BREAKPOINT (0x0006)
    Code[0]: 0x00000002
    Code[1]: 0x00000000
    Thread 0 Crashed:
    0 com.apple.Foundation 0x9282247f _NSRaiseError + 227
    1 com.apple.Foundation 0x9284923f +[NSException raise:format:] + 57
    2 com.apple.Foundation 0x928d14be -[NSObject doesNotRecognizeSelector:] + 123
    3 com.apple.Foundation 0x927f534b -[NSObject(NSForwardInvocation) forward::] + 184
    4 libobjc.A.dylib 0x90a5acc1 objcmsgForward + 49
    5 crashdump 0x000061d8 0x1000 + 20952
    6 crashdump 0x00007663 0x1000 + 26211
    7 crashdump 0x00003578 0x1000 + 9592
    8 crashdump 0x00003885 0x1000 + 10373
    9 crashdump 0x00005599 0x1000 + 17817
    10 crashdump 0x0000238e 0x1000 + 5006
    11 crashdump 0x000022b5 0x1000 + 4789
    Thread 0 crashed with X86 Thread State (32-bit):
    eax: 0x00030000 ebx: 0x928223aa ecx: 0x90a64b30 edx: 0x00406d70
    edi: 0x0384f4a0 esi: 0x0384f430 ebp: 0xbffff768 esp: 0xbffff700
    ss: 0x0000001f efl: 0x00000246 eip: 0x9282247f cs: 0x00000017
    ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
    Binary Images Description:
    0x1000 - 0xafff crashdump /usr/libexec/crashdump
    0x300000 - 0x316fff com.apple.CoreVideo 1.4.1 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
    0x325000 - 0x37dfff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
    0x391000 - 0x3a8fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
    0x8fe00000 - 0x8fe4afff dyld 46.12 /usr/lib/dyld
    0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
    0x901c4000 - 0x90201fff com.apple.CoreText 1.1.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreText.framework/Versions/A/CoreText
    0x90228000 - 0x902fefff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ATS.framework/Versions/A/ATS
    0x903a3000 - 0x90649fff com.apple.CoreServices.CarbonCore 682.26 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonC ore.framework/Versions/A/CarbonCore
    0x906cc000 - 0x9073ffff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
    0x9080a000 - 0x908d2fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x90910000 - 0x90910fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
    0x90a55000 - 0x90ad4fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
    0x90afd000 - 0x90b61fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
    0x90c64000 - 0x90c76fff libauto.dylib /usr/lib/libauto.dylib
    0x90fc1000 - 0x90ffffff com.apple.vmutils 4.0.2 (93.1) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
    0x91057000 - 0x91067fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServ icesCore.framework/Versions/A/WebServicesCore
    0x91072000 - 0x910f1fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchK it.framework/Versions/A/SearchKit
    0x9112b000 - 0x91149fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadat a.framework/Versions/A/Metadata
    0x91155000 - 0x91163fff libz.1.dylib /usr/lib/libz.1.dylib
    0x91166000 - 0x91305fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x91403000 - 0x9140bfff com.apple.DiskArbitration 2.1.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
    0x91412000 - 0x91419fff libbsm.dylib /usr/lib/libbsm.dylib
    0x9141d000 - 0x91443fff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfi guration
    0x91455000 - 0x914cbfff com.apple.audio.CoreAudio 3.0.4 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
    0x9151c000 - 0x9151cfff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Application Services
    0x9151e000 - 0x9154afff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ AE.framework/Versions/A/AE
    0x9155d000 - 0x91631fff com.apple.ColorSync 4.4.9 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync
    0x9166c000 - 0x916dffff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore
    0x9170d000 - 0x917b6fff com.apple.QD 3.10.24 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD
    0x917dc000 - 0x91827fff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ HIServices.framework/Versions/A/HIServices
    0x91846000 - 0x9185cfff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis
    0x91868000 - 0x91883fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ FindByContent.framework/Versions/A/FindByContent
    0x9188e000 - 0x918cbfff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices
    0x918df000 - 0x918ebfff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis
    0x91944000 - 0x919f6fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
    0x91a3c000 - 0x91a52fff libcups.2.dylib /usr/lib/libcups.2.dylib
    0x91bdf000 - 0x91cbdfff libxml2.2.dylib /usr/lib/libxml2.2.dylib
    0x91cda000 - 0x91cdafff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
    0x91cdc000 - 0x91d6afff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.fr amework/Versions/A/vImage
    0x91d71000 - 0x91d71fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/vecLib
    0x91d73000 - 0x91dccfff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvMisc.dylib
    0x91dd5000 - 0x91df9fff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvDSP.dylib
    0x91e01000 - 0x9220afff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libBLAS.dylib
    0x92244000 - 0x925f8fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libLAPACK.dylib
    0x92625000 - 0x92712fff libiconv.2.dylib /usr/lib/libiconv.2.dylib
    0x92714000 - 0x92791fff com.apple.DesktopServices 1.3.6 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Desk topServicesPriv
    0x927d2000 - 0x92a02fff com.apple.Foundation 6.4.8 (567.29) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    0x92bcb000 - 0x92bd3fff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecogni tion.framework/Versions/A/SpeechRecognition
    0x92dbf000 - 0x92dcdfff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.f ramework/Versions/A/CarbonSound
    0x92dde000 - 0x930d3fff com.apple.HIToolbox 1.4.9 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.fra mework/Versions/A/HIToolbox
    0x931d9000 - 0x931e4fff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
    0x93256000 - 0x9390cfff com.apple.AppKit 6.4.8 (824.42) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    0x93c8d000 - 0x93d08fff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
    0x93d41000 - 0x93dfbfff com.apple.audio.toolbox.AudioToolbox 1.4.5 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
    0x93e3e000 - 0x93e3efff com.apple.audio.units.AudioUnit 1.4.3 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
    0x93e40000 - 0x94001fff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
    0x94047000 - 0x94088fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
    0x94090000 - 0x940cafff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dyl ib
    0x94e02000 - 0x94ef6fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
    0x95c18000 - 0x95c57fff com.apple.CFNetwork 129.21 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwo rk.framework/Versions/A/CFNetwork
    0x96c72000 - 0x96cb2fff com.apple.ImageIO.framework 1.5.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO
    0x96cc6000 - 0x96ccafff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libGIF.dylib
    0x96ccd000 - 0x96d2cfff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJP2.dylib
    0x96d40000 - 0x96d5efff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJPEG.dylib
    0x96e31000 - 0x96e4bfff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libPng.dylib
    0x96e51000 - 0x96e53fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRadiance.dylib
    0x96e56000 - 0x96edcfff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRaw.dylib
    0x96ee1000 - 0x96f1efff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libTIFF.dylib
    0x9dc8c000 - 0x9dc93fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
    0x9fa6f000 - 0x9fad7fff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServi ces.framework/Versions/A/OSServices
    0x9fb10000 - 0x9ff65fff com.apple.CoreGraphics 1.258.75 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics
    0x9fffc000 - 0x9fffefff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
    Host Name: jarmac
    Date/Time: 2007-08-10 11:50:55.178 -0400
    OS Version: 10.4.10 (Build 8R2218)
    Report Version: 4
    Command: crashdump
    Path: /usr/libexec/crashdump
    Parent: crashreporterd [141]
    Version: ??? (???)
    PID: 367
    Thread: 0
    Exception: EXC_BREAKPOINT (0x0006)
    Code[0]: 0x00000002
    Code[1]: 0x00000000
    Thread 0 Crashed:
    0 com.apple.Foundation 0x9282247f _NSRaiseError + 227
    1 com.apple.Foundation 0x9284923f +[NSException raise:format:] + 57
    2 com.apple.Foundation 0x928d14be -[NSObject doesNotRecognizeSelector:] + 123
    3 com.apple.Foundation 0x927f534b -[NSObject(NSForwardInvocation) forward::] + 184
    4 libobjc.A.dylib 0x90a5acc1 objcmsgForward + 49
    5 crashdump 0x000061d8 0x1000 + 20952
    6 crashdump 0x00007663 0x1000 + 26211
    7 crashdump 0x00003578 0x1000 + 9592
    8 crashdump 0x00003885 0x1000 + 10373
    9 crashdump 0x00005599 0x1000 + 17817
    10 crashdump 0x0000238e 0x1000 + 5006
    11 crashdump 0x000022b5 0x1000 + 4789
    Thread 0 crashed with X86 Thread State (32-bit):
    eax: 0x00030000 ebx: 0x928223aa ecx: 0x90a64b30 edx: 0x00406d70
    edi: 0x0384f480 esi: 0x0384f410 ebp: 0xbffff768 esp: 0xbffff700
    ss: 0x0000001f efl: 0x00000246 eip: 0x9282247f cs: 0x00000017
    ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
    Binary Images Description:
    0x1000 - 0xafff crashdump /usr/libexec/crashdump
    0x300000 - 0x316fff com.apple.CoreVideo 1.4.1 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
    0x325000 - 0x37dfff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
    0x391000 - 0x3a8fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
    0x8fe00000 - 0x8fe4afff dyld 46.12 /usr/lib/dyld
    0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
    0x901c4000 - 0x90201fff com.apple.CoreText 1.1.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreText.framework/Versions/A/CoreText
    0x90228000 - 0x902fefff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ATS.framework/Versions/A/ATS
    0x903a3000 - 0x90649fff com.apple.CoreServices.CarbonCore 682.26 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonC ore.framework/Versions/A/CarbonCore
    0x906cc000 - 0x9073ffff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
    0x9080a000 - 0x908d2fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x90910000 - 0x90910fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
    0x90a55000 - 0x90ad4fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
    0x90afd000 - 0x90b61fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
    0x90c64000 - 0x90c76fff libauto.dylib /usr/lib/libauto.dylib
    0x90fc1000 - 0x90ffffff com.apple.vmutils 4.0.2 (93.1) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
    0x91057000 - 0x91067fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServ icesCore.framework/Versions/A/WebServicesCore
    0x91072000 - 0x910f1fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchK it.framework/Versions/A/SearchKit
    0x9112b000 - 0x91149fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadat a.framework/Versions/A/Metadata
    0x91155000 - 0x91163fff libz.1.dylib /usr/lib/libz.1.dylib
    0x91166000 - 0x91305fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x91403000 - 0x9140bfff com.apple.DiskArbitration 2.1.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
    0x91412000 - 0x91419fff libbsm.dylib /usr/lib/libbsm.dylib
    0x9141d000 - 0x91443fff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfi guration
    0x91455000 - 0x914cbfff com.apple.audio.CoreAudio 3.0.4 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
    0x9151c000 - 0x9151cfff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Application Services
    0x9151e000 - 0x9154afff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ AE.framework/Versions/A/AE
    0x9155d000 - 0x91631fff com.apple.ColorSync 4.4.9 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync
    0x9166c000 - 0x916dffff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore
    0x9170d000 - 0x917b6fff com.apple.QD 3.10.24 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD
    0x917dc000 - 0x91827fff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ HIServices.framework/Versions/A/HIServices
    0x91846000 - 0x9185cfff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis
    0x91868000 - 0x91883fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ FindByContent.framework/Versions/A/FindByContent
    0x9188e000 - 0x918cbfff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices
    0x918df000 - 0x918ebfff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis
    0x91944000 - 0x919f6fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
    0x91a3c000 - 0x91a52fff libcups.2.dylib /usr/lib/libcups.2.dylib
    0x91bdf000 - 0x91cbdfff libxml2.2.dylib /usr/lib/libxml2.2.dylib
    0x91cda000 - 0x91cdafff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
    0x91cdc000 - 0x91d6afff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.fr amework/Versions/A/vImage
    0x91d71000 - 0x91d71fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/vecLib
    0x91d73000 - 0x91dccfff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvMisc.dylib
    0x91dd5000 - 0x91df9fff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvDSP.dylib
    0x91e01000 - 0x9220afff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libBLAS.dylib
    0x92244000 - 0x925f8fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libLAPACK.dylib
    0x92625000 - 0x92712fff libiconv.2.dylib /usr/lib/libiconv.2.dylib
    0x92714000 - 0x92791fff com.apple.DesktopServices 1.3.6 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Desk topServicesPriv
    0x927d2000 - 0x92a02fff com.apple.Foundation 6.4.8 (567.29) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    0x92bcb000 - 0x92bd3fff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecogni tion.framework/Versions/A/SpeechRecognition
    0x92dbf000 - 0x92dcdfff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.f ramework/Versions/A/CarbonSound
    0x92dde000 - 0x930d3fff com.apple.HIToolbox 1.4.9 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.fra mework/Versions/A/HIToolbox
    0x931d9000 - 0x931e4fff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
    0x93256000 - 0x9390cfff com.apple.AppKit 6.4.8 (824.42) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    0x93c8d000 - 0x93d08fff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
    0x93d41000 - 0x93dfbfff com.apple.audio.toolbox.AudioToolbox 1.4.5 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
    0x93e3e000 - 0x93e3efff com.apple.audio.units.AudioUnit 1.4.3 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
    0x93e40000 - 0x94001fff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
    0x94047000 - 0x94088fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
    0x94090000 - 0x940cafff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dyl ib
    0x94e02000 - 0x94ef6fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
    0x95c18000 - 0x95c57fff com.apple.CFNetwork 129.21 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwo rk.framework/Versions/A/CFNetwork
    0x96c72000 - 0x96cb2fff com.apple.ImageIO.framework 1.5.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO
    0x96cc6000 - 0x96ccafff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libGIF.dylib
    0x96ccd000 - 0x96d2cfff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJP2.dylib
    0x96d40000 - 0x96d5efff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJPEG.dylib
    0x96e31000 - 0x96e4bfff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libPng.dylib
    0x96e51000 - 0x96e53fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRadiance.dylib
    0x96e56000 - 0x96edcfff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRaw.dylib
    0x96ee1000 - 0x96f1efff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libTIFF.dylib
    0x9dc8c000 - 0x9dc93fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
    0x9fa6f000 - 0x9fad7fff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServi ces.framework/Versions/A/OSServices
    0x9fb10000 - 0x9ff65fff com.apple.CoreGraphics 1.258.75 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics
    0x9fffc000 - 0x9fffefff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
    Host Name: jarmac
    Date/Time: 2007-08-12 13:09:12.727 -0400
    OS Version: 10.4.10 (Build 8R2218)
    Report Version: 4
    Command: crashdump
    Path: /usr/libexec/crashdump
    Parent: crashreporterd [140]
    Version: ??? (???)
    PID: 304
    Thread: 0
    Exception: EXC_BREAKPOINT (0x0006)
    Code[0]: 0x00000002
    Code[1]: 0x00000000
    Thread 0 Crashed:
    0 com.apple.Foundation 0x9282247f _NSRaiseError + 227
    1 com.apple.Foundation 0x9284923f +[NSException raise:format:] + 57
    2 com.apple.Foundation 0x928d14be -[NSObject doesNotRecognizeSelector:] + 123
    3 com.apple.Foundation 0x927f534b -[NSObject(NSForwardInvocation) forward::] + 184
    4 libobjc.A.dylib 0x90a5acc1 objcmsgForward + 49
    5 crashdump 0x000061d8 0x1000 + 20952
    6 crashdump 0x00007663 0x1000 + 26211
    7 crashdump 0x00003578 0x1000 + 9592
    8 crashdump 0x00003885 0x1000 + 10373
    9 crashdump 0x00005599 0x1000 + 17817
    10 crashdump 0x0000238e 0x1000 + 5006
    11 crashdump 0x000022b5 0x1000 + 4789
    Thread 0 crashed with X86 Thread State (32-bit):
    eax: 0x00030000 ebx: 0x928223aa ecx: 0x90a64b30 edx: 0x00406d70
    edi: 0x0384f520 esi: 0x0384f4b0 ebp: 0xbffff768 esp: 0xbffff700
    ss: 0x0000001f efl: 0x00000246 eip: 0x9282247f cs: 0x00000017
    ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
    Binary Images Description:
    0x1000 - 0xafff crashdump /usr/libexec/crashdump
    0x300000 - 0x316fff com.apple.CoreVideo 1.4.1 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
    0x325000 - 0x37dfff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
    0x391000 - 0x3a8fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
    0x8fe00000 - 0x8fe4afff dyld 46.12 /usr/lib/dyld
    0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
    0x901c4000 - 0x90201fff com.apple.CoreText 1.1.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreText.framework/Versions/A/CoreText
    0x90228000 - 0x902fefff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ATS.framework/Versions/A/ATS
    0x903a3000 - 0x90649fff com.apple.CoreServices.CarbonCore 682.26 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonC ore.framework/Versions/A/CarbonCore
    0x906cc000 - 0x9073ffff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
    0x9080a000 - 0x908d2fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x90910000 - 0x90910fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
    0x90a55000 - 0x90ad4fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
    0x90afd000 - 0x90b61fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
    0x90c64000 - 0x90c76fff libauto.dylib /usr/lib/libauto.dylib
    0x90fc1000 - 0x90ffffff com.apple.vmutils 4.0.2 (93.1) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
    0x91057000 - 0x91067fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServ icesCore.framework/Versions/A/WebServicesCore
    0x91072000 - 0x910f1fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchK it.framework/Versions/A/SearchKit
    0x9112b000 - 0x91149fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadat a.framework/Versions/A/Metadata
    0x91155000 - 0x91163fff libz.1.dylib /usr/lib/libz.1.dylib
    0x91166000 - 0x91305fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x91403000 - 0x9140bfff com.apple.DiskArbitration 2.1.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
    0x91412000 - 0x91419fff libbsm.dylib /usr/lib/libbsm.dylib
    0x9141d000 - 0x91443fff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfi guration
    0x91455000 - 0x914cbfff com.apple.audio.CoreAudio 3.0.4 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
    0x9151c000 - 0x9151cfff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Application Services
    0x9151e000 - 0x9154afff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ AE.framework/Versions/A/AE
    0x9155d000 - 0x91631fff com.apple.ColorSync 4.4.9 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync
    0x9166c000 - 0x916dffff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore
    0x9170d000 - 0x917b6fff com.apple.QD 3.10.24 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD
    0x917dc000 - 0x91827fff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ HIServices.framework/Versions/A/HIServices
    0x91846000 - 0x9185cfff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis
    0x91868000 - 0x91883fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ FindByContent.framework/Versions/A/FindByContent
    0x9188e000 - 0x918cbfff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices
    0x918df000 - 0x918ebfff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis
    0x91944000 - 0x919f6fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
    0x91a3c000 - 0x91a52fff libcups.2.dylib /usr/lib/libcups.2.dylib
    0x91bdf000 - 0x91cbdfff libxml2.2.dylib /usr/lib/libxml2.2.dylib
    0x91cda000 - 0x91cdafff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
    0x91cdc000 - 0x91d6afff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.fr amework/Versions/A/vImage
    0x91d71000 - 0x91d71fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/vecLib
    0x91d73000 - 0x91dccfff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvMisc.dylib
    0x91dd5000 - 0x91df9fff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvDSP.dylib
    0x91e01000 - 0x9220afff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libBLAS.dylib
    0x92244000 - 0x925f8fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libLAPACK.dylib
    0x92625000 - 0x92712fff libiconv.2.dylib /usr/lib/libiconv.2.dylib
    0x92714000 - 0x92791fff com.apple.DesktopServices 1.3.6 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Desk topServicesPriv
    0x927d2000 - 0x92a02fff com.apple.Foundation 6.4.8 (567.29) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    0x92bcb000 - 0x92bd3fff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecogni tion.framework/Versions/A/SpeechRecognition
    0x92dbf000 - 0x92dcdfff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.f ramework/Versions/A/CarbonSound
    0x92dde000 - 0x930d3fff com.apple.HIToolbox 1.4.9 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.fra mework/Versions/A/HIToolbox
    0x931d9000 - 0x931e4fff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
    0x93256000 - 0x9390cfff com.apple.AppKit 6.4.8 (824.42) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    0x93c8d000 - 0x93d08fff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
    0x93d41000 - 0x93dfbfff com.apple.audio.toolbox.AudioToolbox 1.4.5 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
    0x93e3e000 - 0x93e3efff com.apple.audio.units.AudioUnit 1.4.3 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
    0x93e40000 - 0x94001fff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
    0x94047000 - 0x94088fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
    0x94090000 - 0x940cafff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dyl ib
    0x94e02000 - 0x94ef6fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
    0x95c18000 - 0x95c57fff com.apple.CFNetwork 129.21 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwo rk.framework/Versions/A/CFNetwork
    0x96c72000 - 0x96cb2fff com.apple.ImageIO.framework 1.5.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO
    0x96cc6000 - 0x96ccafff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libGIF.dylib
    0x96ccd000 - 0x96d2cfff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJP2.dylib
    0x96d40000 - 0x96d5efff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJPEG.dylib
    0x96e31000 - 0x96e4bfff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libPng.dylib
    0x96e51000 - 0x96e53fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRadiance.dylib
    0x96e56000 - 0x96edcfff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRaw.dylib
    0x96ee1000 - 0x96f1efff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libTIFF.dylib
    0x9dc8c000 - 0x9dc93fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
    0x9fa6f000 - 0x9fad7fff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServi ces.framework/Versions/A/OSServices
    0x9fb10000 - 0x9ff65fff com.apple.CoreGraphics 1.258.75 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics
    0x9fffc000 - 0x9fffefff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib

  • Quicktime Java Vulnerability (4/24/07) -

    A QT vulnerability is reported to affect QT versions 3x,4x,5x,6x,7x when used w/Java in browsers: Safari, Firefox and IE. Hopefully this will be patched in a timely manner. In the meantime surf carefully and take appropriate precautions.
    Info sources:
    Secunia advisory
    Apple QuickTime Java Handling Unspecified Code Execution
    Secunia Advisory: SA25011
    Release Date: 2007-04-24
    Critical:
    Highly critical
    Impact:
    System access
    Where:
    From remote
    Solution Status:
    Unpatched
    Software:
    Apple Quicktime 3.x
    Apple Quicktime 4.x
    Apple Quicktime 5.x
    Apple Quicktime 6.x
    Apple QuickTime 7.x
    A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
    The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox.
    The vulnerability is reported on a Mac OS X system using Safari and Firefox. Other browsers and platforms may also be affected.
    Solution:
    Disable Java support.
    Do not browse untrusted websites.
    Provided and/or discovered by:
    Dino Dai Zovi
    Original Advisory:
    Matasano:
    http://www.matasano.com/log/812/break...n-quicktime-affects-win32-apple-code/
    US-Cert current activity
    Vulnerability Involving Apple QuickTime and Java
    added April 24, 2007 at 04:07 pm
    US-CERT is aware of a new vulnerability involving Apple QuickTime and Java. Any platform supporting QuickTime and Java may be affected. Details about the vulnerability are currently limited; however, it is reported that disabling Java will protect users.
    US-CERT recommends users follow the Securing Your Web Browser document to disable Java.
    US-CERT will continue to investigate this vulnerability and provide more information as it becomes available
    Spybot S&D advisory
    QuickTime vuln - unpatched
    FYI...
    - http://isc.sans.org/diary.html?storyid=2689
    Last Updated: 2007-04-24 21:54:43 UTC ~ "Secunia has posted an advisory today that involves Apple Quicktime Java. According to the advisory this is a highly critical problem that affects versions 3.x, 4.x, 5.x, 6.x and 7.x. The vulnerability is due to an unspecified error within the Java handling in QuickTime. This can be exploited allowing execution of arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox (ed. note: IE, too)..."

    Does this vulnerability exist in the PowerPC code as well?

  • Interface Criticity

    Hi experts,
    how would you define :
    a high criticity interface ?
    a medium ?
    a low ?
    Kind regards,
    Jamal

    Adding to what Mike said....
    For most of the organization critical interface would be that carries vital information in terms of Business (data).
    For an organization handling its customers and suppliers, a customer interface might be more critical than a supplier interface. But saying that its all a definition from the organization itself. They define whats critical to them

  • Newly publicized android "Fake ID" vulnerability

    Critical Android vulnerability lets malware compromise most devices and apps | PCWorld
    Vulnerability impacting multiple versions of Android could enable device takeover - SC Magazine
    Yesterday, the Internet was abuzz with the latest security flaw affecting pre-KitKat Android phones (see above links).
    Google released a patch in April 2014, but so far,I know my Casio C811 hasn't received any updates since the 4.1.2 update in March of this year.
    Can Verizon please address this issue and tell us whether a software update will be released and whether there is anything we can do in the interim to mitigate the risk?
    THANK YOU!

    Chamsalot wrote:
    anything we can do in the interim to mitigate the risk?
    THANK YOU!
    As the SC Magazine app states - "The malware-laced app is then distributed in any number of ways – slipped into a public app store, sent as an email attachment or a link in a SMS message, or placed on a public website – for the user to download and install... Forristal suggested only downloading apps from trusted sources to prevent being compromised."
    Get your apps from the Google play store - be very suspicious of apps in email or text message links, or on websites.  I realize many of us get texts, emails, etc from various companies with links to apps.  I do some publicity, and build websites where mobile app links are given ... so maybe no one will click those links anymore, but they CAN go to the app store and search and find the app that way. 
    And if 4.4.x is available for your device, download it and install it, since this vulnerability is only present in 4.3 and below.

  • Kernel Vulnerability

    Find the whole thing here
    http://isec.pl/vulnerabilities/isec-001 … -unmap.txt
    Here's the condensed version:
    A critical security vulnerability has been found in the Linux kernel memory
    management code inside the mremap(2) system call due to missing function return
    value check. This bug is completely unrelated to the mremap bug disclosed on
    05-01-2004 except concerning the same internal kernel function code.

    from this link wrote:Version:   2.2 up to and including 2.2.25, 2.4 up to to and including 2.4.24,    
               2.6 up to to and including 2.6.2
    so 2.4.25 and 2.6.3 are not problematic, right?

  • Lumia 800 and 23.976 FPS MP4 - Playback Issue

    Quite lately, I have been wondering, if I should bring up this issue or not. Thought, what the hell - lets pen it down anyway.
    So here's the deal, I have a lot of 720P DTS/DD HD movies which I generally re-encode to H.264 lower bit rates (1500 to 2000 kbps) and  Audio to AAC and finally MUX them in MP4 (sounds terrible right !). The resultant file plays fine on VLC, HOWEVER, its terribly laggy/jerky on Lumia 800.
    After a lot of hit and trial, I found a workaround though : Mux the H.264 Video stream @ 25 fps and Speed up the Audio from 23.976 to 25. Now the movie playback on Lumia is tolerable but not that smooth.
    My N8 can play 23.976 Movies just fine. Now the Question - Why is Lumia 800 not able to playback the most widely used 23.976 framerate encoded movies and why I have to increase the FPS (to 25) in order to achive a decent playback.
    PS: Movies which are @ 30 fps has absolutely brilliant playback on Lumia, though. But unfortunately, we cannot speedup 23.976 to 30, coz speeding up the Audio to 30 framerate makes the audio sound terrible and cartoonish.
    EDIT : Let's make it more clear. The culprit is not 720p. I even tried resizing the video to 800x450 (Progressive) and keeping the original framerate to 23.976.The playback is still noticeably jerky. So the culprit is definitely the framerate.
    Cheers !!

    @ noenid : Hey buddy... Still stuck with the playback issue.. I realized that long back and am glad that I finally gave up on Nokia. Few weeks back I just bought Sony Xperia Z. Now that's what a "smartphone" should be... Its almost impossible to find something that the "Z DOESN'T DO"...
    Maybe Nokia can convince Microsoft to re-design the Windows Phone OS and bring it at part with other OS. I really don't know why Microsoft chose to go the "Apple Way"... They may say "Security" >> to which I say "**bleep**"....
    And why do I say **bleep** ?? Depite all the security and locked OS API's, I still don't see any substantial acceptance of Windows Phone OS in Business community... Android on the other hand, was highly criticized for being "vulnerable" >> But look around man... Almost every banking / IT / Financial Sector have their apps on it.. I really don't want Windows Phone OS to roll-over and die... 
    As they say: You can fool me once, but not twice...  

  • Office 2013 Std (local) in combination with Office 2013 Pro (App-V)

    Hello,
    I have multiple RDS servers, that have Office 2013 Std installed locally. I did this on purpose, after reading some blogs pointing out Office 2013 is a complicated applicatie to stream well. And of course Office 2013 is highly critical to my clients.
    So I have a local installation of Office 2013 Std on every RDS server.
    The catch is, that the client also has an open license for Office 2013 Pro. This is because some users need to work with 'Access 2013'.
    So I thought it would be nice to use App-V to stream Access 2013 to the RDS servers. I have created the package for Office 2013 Pro, with Access in it. And I succesfully published Access 2013 to the group of users. So I can use Access on the RDS servers.
    The problem is, that when I click on the appliation "MSACCESS.exe", the application pops up in taskmanager and is immidiatly shut down again. So it never launches. No error, no nothing.
    I can't find any directions in the server, applicatie or App-V logs in the eventviewer. Does anyone have a clue where to look?
    Thanks in advance

    I think to be on a safe side, using a 'true' control system like AppSense or using dedicated RDS servers would be the only legally valid option.
    Even when Office (or at least Access) is virtualized, the licensing part and product key handling is done natively on the RDS servers by the 'Office 2013 Deployment Kit'. Besides others this includes a locally installed 'licensing stump'. Therefor there
    can be only one Office Suite product key be assigned to a RDS server machine.
    In fact you could tell the Deployment Kit to use the Office Pro key (allowing a virtualized Access to run), but then also the locally installed Office Version would (attempt to ) be licensed as 'Pro'. That potentially won't work. In fact you could re-configure
    the local Standard Office installation to consume Pro licenses, but that doesn't fit to your legal licenses.
    As Aaron write, legally an Office license is bound to the endpoint device, so you'd have to make sure that your Access App-V package can only be access by permitted client machines. And while App-V can filter application on the accessing user and the executing
    machine, it can't filter on the accessing end-point.
    Though we don't like it... 3rd party or a server silo seem the way to go.
    Falko
    Twitter
    @kirk_tn   |   Blog
    kirxblog   |   Web
    kirx.org   |   Fireside
    appvbook.com

  • Is it possible for SA540 to work in transparent bridge mode?

    Hi all,
    I've been considering to use a Cisco SA540 in an industrial project; please consider Scenario 1 and 2 files attached (bear with me - I'm an engineer, not an artist).
    All networks mentioned in both scenarios are regular and well known Ethernet TCP/IP networks. The Corporate Network and Automation Network (including the DMZ) are in different subnets. The Corporate Network is the biggest one, similar to any company's corporate network you all know. The Automation Network exists for the purpose of operating and maintaining the industry process; it's smaller but highly critical. Only specific staff (automation staff and dedicated operators) have access to it. Although many devices and networks in the Automation Network are industry specific - not so well known, a small segment of it is plain Ethernet TCP/IP, as I've already stated. The Automation Network has a DMZ, where we lay servers that provide industry process information for the Corporate Network.
    Scenario 2 may look at a first glance the best option, since it's simpler, doesn't require another router and benefits from Cisco SA540 support for both a LAN and a DMZ. The problem with Scenario 2 is the following:
    Since both networks are maintained by different teams under different management, TI staff would have absolute control over the Cisco SA540. This way automation staff could not grant that the Automation Network is really protected from the Corporate Network.
    TI staff may even demand for another device to interface with the Automation Network - which is not Cisco SA540, since they rule everything that lives in the Corporate Network. In this case, I have my hands tied!
    Scenario 1 solves the above problems. Since automation would have absolute control over the Cisco SA540, they could grant security for the Automation Network (except for DMZ, but that's the reason why it is called a DMZ!). TI staff could ask for any router they prefer to interface with the DMZ, I would never mind about it.
    Considering the above, I will probably be forced to adopt Scenario 1 instead of Scenario 2. So here comes my question: is it possible for Cisco SA540 to work with the same subnet for both WAN and LAN interfaces (in Scenario 1, no DMZ interface is required)? In other words, is it possible for Cisco SA540 to work in transparent bridge mode? I've been through all of the Cisco SA540 Administration Manual and as far as I could understand, routing is not an option - it is demanding.
    Although I understand I could adopt Scenario 1 and still have different subnets for DMZ and the rest of the Automation Network by connecting the DMZ to the WAN interface and the rest of the Automation Network to the LAN interface in the Cisco SA540, I believe it's not worth the effort. The Automation Network is so small and we do all we can to keep it as simple as possible.

    Adriano, there is a RV042G, which supports the gig ports and a 800 mbps nat throughput. Here is the datasheet
    http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps12262/data_sheet_c78-706724.html
    If you are using a DSL connection, the SRP527/547 models may be an alternative. These models support the RFC 1483 Bridges EOA Please note the SRP547 should be 10/100/1000. Also note the SRP521/541 are Fast Ethernet units and they do differ from the SRP527/547. The main selling point of these devices are the FXS/FXO ports. So this may also be a bit of an "unfocused" solution. But it's worth throwing the idea out there!
    Here is the admin guide;
    http://www.cisco.com/en/US/docs/voice_ip_comm/unified_communications/srp540_series/administration/srp500_AG_2567701.pdf
    Here is the datasheet;
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps10500/data_sheet_c78-550705.pdf

  • Gwdca.exe - Entry Point Not Found Error With Hot Patch 4

    We've upgraded a few of our GroupWise 8 clients from 8.0.3 Hot Patch 3 to 8.0.3 Hot Patch 4 to address the critical security vulnerability in HP3. We receive the following error message (attached) every few minutes which seems to be related to the archving process.
    Receiving gwdca.exe - entry point not found
    The procedure entry point DAGetLinkedObjectParent could not be located in the dnyamic link library sccda.dll
    When the error appears, it seems to correlate to the "Updating Archive Quickfinder Indexes" appearing in the bottom left corner of the GW client. Backreving the client to 8.0.3 HP 3 resolves the problem. We have tried running GW Check on the mailbox as well as forcing a reindex of the archive without any success. Any insight would be appreciated.
    Thanks
    Josh

    Originally Posted by joshbilsky
    We've upgraded a few of our GroupWise 8 clients from 8.0.3 Hot Patch 3 to 8.0.3 Hot Patch 4 to address the critical security vulnerability in HP3. We receive the following error message (attached) every few minutes which seems to be related to the archving process.
    Receiving gwdca.exe - entry point not found
    The procedure entry point DAGetLinkedObjectParent could not be located in the dnyamic link library sccda.dll
    When the error appears, it seems to correlate to the "Updating Archive Quickfinder Indexes" appearing in the bottom left corner of the GW client. Backreving the client to 8.0.3 HP 3 resolves the problem. We have tried running GW Check on the mailbox as well as forcing a reindex of the archive without any success. Any insight would be appreciated.
    Thanks
    Josh
    Duplicated and reported as defect #902940.

  • Satellite M30: coloured lines run up and down on display

    Hi there
    Ive got a problem with the display on my Satelite M30. I can boot into windows fine etc but coloured lines run up and down my display as well as general artifacts. I cant even install nvidia drivers without a blue screen.
    The strange thing is that if i apply pressure to the left side of my touch pad i can instal the drivers and everything is fine! Release the pressure and the computer crashes. Ive opened the laptop up and can find nothing that could be causing this.
    Any insight here?
    Maki43

    Hi
    You could check if the problem is related to the LCD monitor or to the graphic card.
    Try to connect the external monitor and check if the lines appear on the second display.
    If the lines does not appear then the graphic card should be ok.
    Did you try to install the graphic driver from the Nvidia website??? Such drivers are not designed for the usage on the Toshiba notebook. You have to use the own Toshiba graphic drivers because the drivers supports an overheating protection.
    If the temperature increases to the higher, critical level the Toshiba drivers will decreases the graphic card performance.
    The other graphic drivers dont support such function and therefore the graphic chip can overheat!
    Anyway, I think also the technician should check the notebook

  • Oracle Security : what do you think about the following policy violation ?

    If you install OEM10, you will be able to see if you violate some security guidelines :
    Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
    Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
    In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
    set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
    About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
    About JAccelerator (NCOMP), it is located on the "companion" CD.
    Ok, Waiting for your feedback
    Regards
    Laurent
    [High]      Critical Patch Advisories for Oracle Homes     Configuration     Host     Checks Oracle Homes for missing critical patches          
    [High]      Insufficient Number of Control Files     Configuration     Database     Checks for use of a single control file          
    [High]      Open ports     Security     Host     Check for open ports          
    [High]      Remote OS role     Security     Database     Check for insecure authentication of remote users (remote OS role)          
    [High]      EXECUTE UTL_FILE privileges to PUBLIC     Security     Database     Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package          
    [High]      Listener direct administration     Security     Listener     Ensure that listeners cannot be administered directly          
    [High]      Remote OS authentication     Security     Database     Check for insecure authentication of remote users (remote OS authentication)          
    [High]      Listener password     Security     Listener     Test for password-protected listeners          
    [High]      HTTP Server Access Logging     Security     HTTP Server     Check that HTTP Server access logging is enabled          
    [High]      Web Cache Access Logging     Security     Web Cache     Check that Web Cache access logging is enabled          
    [High]      Web Cache Dummy wallet     Security     Web Cache     Check that dummy wallet is not used for production SSL load.          
    [High]      HTTP Server Dummy wallet     Security     HTTP Server     Check that dummy wallet is not used for production SSL load.          
    [High]      Web Cache owner and setuid bit'     Security     Web Cache     Check that webcached binary is not owned by root and setuid is not set          
    [High]      HTTP Server Owner and setuid bit     Security     HTTP Server     Check the httpd binary is not owned by root and setuid bit is not set.          
    [High]      HTTP Server Directory Indexing     Security     HTTP Server     Check that Directory Indexing is disabled on this HTTP Server          
    [High]      Insufficient Redo Log Size     Storage     Database     Checks for redo log files less than 1 Mb          
    [Medium]      Insufficient Number of Redo Logs     Configuration     Database     Checks for use of less than three redo logs          
    [Medium]      Invalid Objects     Objects     Database     Checks for invalid objects          
    [Medium]      Insecure services     Security     Host     Check for insecure services          
    [Medium]      DBSNMP privileges     Security     Database     Check that DBSNMP account has sufficient privileges to conduct all security tests          
    [Medium]      Remote password file     Security     Database     Check for insecure authentication of remote users (remote password file)          
    [Medium]      Default passwords     Security     Database     Test for known accounts having default passwords          
    [Medium]      Unlimited login attempts     Security     Database     Check for limits on the number of failed logging attempts          
    [Medium]      Web Cache Writable files     Security     Web Cache     Check that there are no group or world writable files in the Document Root directory.          
    [Medium]      HTTP Server Writable files     Security     HTTP Server     Check that there are no group or world writable files in the Document Root directory          
    [Medium]      Excessive PUBLIC EXECUTE privileges     Security     Database     Check for PUBLIC having EXECUTE privileges on powerful packages          
    [Medium]      SYSTEM privileges to PUBLIC     Security     Database     Check for SYSTEM privileges granted to PUBLIC          
    [Medium]      Well-known accounts     Security     Database     Test for accessibility of well-known accounts          
    [Medium]      Execute Stack     Security     Host     Check for OS config parameter which enables execution of code on the user stack          
    [Medium]      Use of Unlimited Autoextension     Storage     Database     Checks for tablespaces with at least one datafile whose size is unlimited          
    [Informational]      Force Logging Disabled     Configuration     Database     When Data Guard Broker is being used, checks primary database for disabled force logging          
    [Informational]      Not Using Spfile     Configuration     Database     Checks for spfile not being used          
    [Informational]      Use of Non-Standard Initialization Parameters     Configuration     Database     Checks for use of non-standard initialization parameters          
    [Informational]      Flash Recovery Area Location Not Set     Configuration     Database     Checks for flash recovery area not set          
    [Informational]      Installation of JAccelerator (NCOMP)     Installation     Database     Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes          
    [Informational]      Listener logging status     Security     Listener     Test for logging status of listener instances          
    [Informational]      Non-uniform Default Extent Size     Storage     Database     Checks for tablespaces with non-uniform default extent size          
    [Informational]      Not Using Undo Space Management     Storage     Database     Checks for undo space management not being used          
    [Informational]      Users with Permanent Tablespace as Temporary Tablespace     Storage     Database     Checks for users using a permanent tablespace as the temporary tablespace          
    [Informational]      Rollback in SYSTEM Tablespace     Storage     Database     Checks for rollback segments in SYSTEM tablespace          
    [Informational]      Non-System Data Segments in System Tablespaces     Storage     Database     Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX          
    [Informational]      Users with System Tablespace as Default Tablespace     Storage     Database     Checks for non-system users using SYSTEM or SYSAUX as the default tablespace          
    [Informational]      Dictionary Managed Tablespaces     Storage     Database     Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)          
    [Informational]      Tablespaces Containing Rollback and Data Segments     Storage     Database     Checks for tablespaces containing both rollback (other than SYSTEM) and data segments          
    [Informational]      Segments with Extent Growth Policy Violation     Storage     Database     Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settings

    Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
    What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
    UTL_FILE_DIR=*which I sincerely hope you're not.
    As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
    Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
    I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
    Cheers, APC

Maybe you are looking for

  • New keyboard shortcut didn't work; neither did resetting default

    I wanted to create a new keyboard shortcut for sending mail, so I used the system prefs pane like the help file said (new application shortcut, select mail, etc). After creating my new shortcut (^X), it initially didn't appear in the Message menu for

  • Stuck in safe mode on windows 8.1. and it is not recognizing my password, so i cant get into anywhere to sort it.

     NORTON WERE DOING A REMOTE ASSIST, WHEN THEY HAD TO RESTART MY LAPTOP, BUT WHEN ASKED FOR MY USER NAME PASSWORD IT WAS SAYING EITHER YOUR U/NAME, OR P/WORD IS INCORRECT. SO NORTON COULDN'T HELP. SO I CONTACTED MICROSOFT TO GET A NEW PASSWORD WHICH W

  • Who will assign the prices for refurbished & faulty & on which basis

    Dear Friends while implementing this refurbishment process the pricing for c2 repaired & faulty c3 who will decide & on which basis since every time we cannot have same fault for c3 (sometimes winding burn ,sometimes bearing faulty then for all how i

  • Tax invoice smartform driver program

    Hello Everyone,       i want any sample example driver program for getting value from "vf03" in that i want fetch values for fields like BASIC BILL OF VALUE, ADD AMOUNT 5% VAT on_________ SerTax 2.06% on _________ Total Amt: D = A + B + C if any one

  • MS Word OLE integration i new UI??

    Hi Folks We are in the middle of an upgrade from CRM 3.1 to CRM2007.  And the new WEB UI. In our old SAP gui, we have developped a ABAP Report program that collects a lot of data, and then via OLE integrated to a Word document. We didn't use the DOI,