Latest Secruity Bulletin (CVE-2010-1297)

Similar Messages

• I have a Java/CVE-2010-94 virus on my macbook pro. Can Someone help me fix this?

  I used Virus Barrier Express that I downloaded from the App Store and it found a virus named Java/CVE-2010-94. I ran Virus Barrier Express again after I prssed the "fixed it" button; however, i'm not sure if this virus or any other virus is still on my MacBook Pro. Can someone please help me know if i'm safe to use my Mac?
  *The first sign of any type of virus was when I was on a website and my screen froze. I couldn't move anything or press anything. Something popped up and told me to turn off the Mac. I had no choice and I did turn it off. I used my Virus Barrier Express to scan any viruses, but nothing appeared. It only appeared after I downloaded new updates yesterday.
  *I just did some research and it turned out to be a "kernel Panic". http://support.apple.com/kb/TS3742 I haven't encountered another one ever since so does that mean my Mac is safe now?

  Steven --
  Get rid of the VirusBarrier Express.  At this time, there are no Mac viruses.  All you're doing with that thing is slowing down your Mac.  Look in your VBE folder, to see if there's an UNinstaller.  I don't know why Apple is making these things available.  They're garbage, 98% of them.  Two good ones are ClamXav and Sophos.  But still, IMHO, they are unnecessary.
  Kernel Panics, on the other hand, are serious.  If you don't have any more of them, that's good.  If you have any more of them, come back and post your Panic report here. 
  Here's info on this virus, which should affect only PCs.
  http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exp loit%3AJava%2FCVE-2010-0094.AA
  But the have some great advice to avoid malware:
  Take the following steps to help prevent infection on your computer:
  Enable a firewall on your computer.
  Get the latest computer updates for all your installed software.
  Use up-to-date antivirus software.
  Limit user privileges on the computer.
  Use caution when opening attachments and accepting file transfers.
  Use caution when clicking on links to web pages.
  Avoid downloading pirated software.
  Protect yourself against social engineering attacks.
  Use strong passwords.

• Java error - Oracle Security Alert for CVE-2010-4476

  I have come across this security alert described at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htm l
  In summary - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number.
  This vulnerability affects:
  Java SE
  JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
  JDK 5.0 Update 27 and earlier for Solaris 9
  SDK 1.4.2_29 and earlier for Solaris 8
  Java for Business
  JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
  JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
  SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux
  Java for MacOS X 10.6 update 3 updates Java to SE 6 to version 1.6.0_22.
  Is anyone aware of new Java update for Mac that will fix this problem? If one doesn't exist, does anyone know when a new update will be available?
  Thanks.

  Hi Hussein,
  have you applied this? Please can you update?
  Our environment: 11.5.10.2 (9.2.0.7)running on HP-UX PARISC. We are using Jinitiator. We are not yet migrated to J2SE Plugin.
  So, since the sercurity patch is for JRE, is that still required for our environment?
  Please advise?
  Edited by: oraDBA2 on Feb 13, 2011 9:12 PM

• CSCuj31717 - IPS Vulnerability to CVE-2010-5107 - OpenSSH

  Hello,
  We have found our ACS 1121 appliances running 5.4 ACS code are vulnerable to
  CVE-2004-1653
  CVE-2010-5107
  Our information suggests the appliances are using Openssh 5.3 and these vulnerabilities have been fixed it Openssh 6.2 or newer versions.
  What is the timeline for udatding openssh on the ACS 1121 appliance? I have checked the bug database and see no current fixes have been published.
  We also use Cisco IPS modules in redundant Cisoc 5525X firewalls. These also appear to be vunerable.
  I would like to know firmware roadmap to fix these vulnerabilities.
  What remediations or workarounds does Cisco recommend in lieue of a oppenssh upgrade/patch/fix?
  Regards,
  Scott Robertson

  Hi Scott,
  For the ACS, bug CSCuj27463 is filed (and fixed) to address CVE-2010-5107.
  For timelines on releases, please open a TAC case and reference the bugs.
  Sincerely,
  David.

• Latest Bootcamp drivers (June 2010) comatible with Windows XP 54 Bit?

  Hi
  I am planning on updating my existing BootCamp partition to windows Xp 64 Bit edition on my MacBook Pro so it uses all my 4 gigs of RAM but I was wandering if the latest drivers would be compatible with it because in the description of the latest update in the Apple Downloads page it says that this 64 bit drivers update needs XP, Vista or 7, but in BootCamp assistant it says it needs Xp 32 Bit specifically.
  I can't install windows 7 or Vista because I have very limited space in my HardDrive and I would have to make a very large partition.
  Here is what says in the download description, just in case.
  ( About Boot Camp Software Update 3.1 for Windows 64 bit
  This update adds support for Microsoft Windows 7 (Home Premium, Professional, and Ultimate), addresses issues with the Apple trackpad, turns off the red digital audio port LED on laptop computers when it is not being used, and supports the Apple wireless keyboard and Apple Magic mouse.
  This update is highly recommended for all Boot Camp 3.0 users.
  System Requirements
  ::Windows XP:: ??? (This is my question)
  Windows Vista SP2
  Boot Camp 3.0 )
  Link: http://support.apple.com/kb/DL979
  Thanks

  Were you able to successfully use wireless and an NVidia driver? I missed that 64 bit XP was not supported. Anyway, I was able to work around a number of things; but I can't get XP to recognize the graphics hardware or install the Nvida drivers. I'd persist if I could get this to work. Were you able to?
  Thanks for any help.
  Greg

• HT6041 does anyone have information re: motion 5.1 ? the latest security bulletin describes the need for it but neither  " software update: or the "app store"  seems to have it.

  I have read and re read this security bulletin and I have checked software update and the " app store" and there is no mention of "motion" or "motion 5.1"

  FWIW, here is the Apple troubleshooting note for Motion updates that aren't being offered, and the Apple best practices for Motion and related.   Here are the Mac App Store troubleshooting tips.

• Latest Flash @ 11 July 2010 - Firefox.

  Dear Adobe People,
  Firefox & Flash
  Having trawled through
  embedded  player on BBC news sites doesn't open
  and several other similar threads, it's pretty clear that there's a major issue. I have the very same probs.  I have uninstalled sequentially all the potential conflictors and cleaned registry both by hand and automagically by program to leave no trace.
  Clean reinstall of Firefox (latest) and Flash (Latest) produces no BBC capability.
  IE is fine, but I don't use IE.
  Just let me know when it's fixed, yes?
  Thanks,
  Andy

  Same problem for me as well, ridiculous. only 10.3 will work for me, every version of FF and flash after 10.3 = crash!

• 6500 ACE MODULE: CVE-2010-4180 and CVE-2005-2969

  Hello,
  The version 3.0(0)A5(1.2) is vulnerable to these CVEs. I was looking for fix but it´s hard to find good information at Cisco Release Notes.
  the old versions: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html.
  I was checking if the version A5(3.0) would fix it, but nothing is said in release notes.
  http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_3_x/release/note/ACE_mod_rn_A53x.html
  Anyone know if newer version fixes it or know other source of information?
  Thanks.

  Hi,
  The first vulnerability has been documented by the ACE team under Cisco
  Bug ID CSCtk69440 (https://tools.cisco.com/bugsearch/bug/CSCtk69440).
  This vulnerability was resolved by the engineering team by disabling the
  affected function call.  This particular feature was not in use by the ACE
  device.  The issue was first resolved in Version 3.0(0)A4(1.0.72) back in
  2011.
  The second vulnerbility identified by CVE-2005-2969 does not have a public
  bug ID.  However, the engineering team has evaluated the impact of this
  issue.  The affected padding functions were never enabled in the ACE
  software and the device is not affected.  This would remain the case even
  if SSLv2 were to be enabled on the device for legacy browser compatibility.
  I hope it helps you.
  Regards,
  Felipe Lima

• When download the latest baseline (8 December 2010) job never finisched.

  On Enterprise Controller we see:
  27514:2011-01-18_10:12:26 DEBUG [ lcgi: ../src/lcgi.cc: # 274 ] 0 REDIRECT_QUERY_STRING env variable not set
  27514:2011-01-18_10:12:26 DEBUG [ lcgi: ../src/lcgi.cc: # 282 ] 0 QUERY_STRING is <action_type=get_credential_only>
  27514:2011-01-18_10:12:26 WARNING [ rcfiles: ../src/preferences.cc: # 362 ] 0 PrefParam::find - parameter guus_auth_name not found
  27514:2011-01-18_10:12:26 WARNING [ rcfiles: ../src/preferences.cc: # 362 ] 0 PrefParam::find - parameter guus_auth_msg not found
  27516:2011-01-18_10:12:26 DEBUG [ lcgi: ../src/lcgi.cc: # 274 ] 0 REDIRECT_QUERY_STRING env variable not set
  27516:2011-01-18_10:12:26 DEBUG [ lcgi: ../src/lcgi.cc: # 282 ] 0 QUERY_STRING is <action_type=get_authentication>
  27516:2011-01-18_10:12:26 INFO [ xml_wrapper: ../src/xml_wrapper.cc: #  27 ] 0 Dom.startDocument() /opt/SUNWuce/server/public/channels.xml
  27516:2011-01-18_10:12:26 INFO [ xml_wrapper: ../src/xml_wrapper.cc: # 139 ] 0 Dom.endDocument() /opt/SUNWuce/server/public/channels.xml
  27516:2011-01-18_10:12:26 INFO [ xml_wrapper: ../src/xml_wrapper.cc: #  27 ] 0 Dom.startDocument() /opt/SUNWuce/server/public/activated_channels.xml
  27516:2011-01-18_10:12:26 INFO [ xml_wrapper: ../src/xml_wrapper.cc: # 139 ] 0 Dom.endDocument() /opt/SUNWuce/server/public/activated_channels.xml
  27516:2011-01-18_10:12:26 WARNING [ rcfiles: ../src/preferences.cc: # 362 ] 0 PrefParam::find - parameter uce_server_authcgi-level not found
  27516:2011-01-18_10:12:26 WARNING [ rcfiles: ../src/preferences.cc: # 362 ] 0 PrefParam::find - parameter uce_server-level not found
  27516:2011-01-18_10:12:26 WARNING [ rcfiles: ../src/preferences.cc: # 362 ] 0 PrefParam::find - parameter uce-level not found
  On Asset we see:
  6106:2011-01-18_09:05:26 ERROR [ Server_i: ../src/Server_i.cc: # 427 ] 268699648 HTTP server request: Cannot connect.
  6106:2011-01-18_09:05:26 INFO [ Server_i: ../src/Server_i.cc: # 766 ] 151066368 Waiting (Seconds) before retrying to communicate with parent. Context: max_retries=10;retry_number=9;time_to_retry=10
  6106:2011-01-18_09:05:36 ERROR [ Server_i: ../src/Server_i.cc: # 776 ] 151068416 Maximum retries has reached. Aborting communication. Context: retry_no=10
  6106:2011-01-18_09:05:36 ERROR [ uce.agent.app: source_unavailable: #0 ] 67179264 Failure while trying to reach SDS. About to exit.
  6106:2011-01-18_09:05:36 INFO [ uce.agent.app: ../src/AgentApp.cc: #1811 ] 0 Logout process started. Trying to get lock...
  6106:2011-01-18_09:05:36 INFO [ uce.agent.app: ../src/AgentApp.cc: #1820 ] 0 Logout process started.
  6106:2011-01-18_09:05:36 ERROR [ uce.agent.app: ../src/AgentApp.cc: #1828 ] 67179264 Failure while trying to reach SDS. About to exit.
  6106:2011-01-18_09:05:36 ERROR [ default_logger: source_unavailable: #0 ] 67179264 Failure while trying to reach SDS. About to exit.
  6106:2011-01-18_09:05:36 INFO [ client_app: ../src/main.cc: #  28 ] 67179264 Failure while trying to reach SDS. About to exit.
  6106:2011-01-18_09:05:36 INFO [ uce.agent.app: ../src/AgentApp.cc: #1811 ] 0 Logout process started. Trying to get lock...
  6106:2011-01-18_09:05:36 INFO [ default_logger: source_unavailable: #0 ] 67179264 Failure while trying to reach SDS. About to exit. Waiting for logout ACK from server.
  11:2011-01-18_09:10:15 WARNING [ curl_api: ../src/CurlApi.cc: #1229 ] 0 lib curl return error: 7
  11:2011-01-18_09:10:15 ERROR [ Server_i: ../src/Server_i.cc: # 427 ] 268699648 HTTP server request: Cannot connect.
  11:2011-01-18_09:10:15 INFO [ Server_i: ../src/SI_file_prepare.cc: # 286 ] 0 server_request_command(///channels.xml.sig): attempt #1, error 268699648
  11:2011-01-18_09:14:06 INFO [ comm_system: ../src/comm_system.cc: # 535 ] 0 Connections_keeper::get_descriptors:c->should_select_on_write(): 0
  11:2011-01-18_09:14:10 WARNING [ curl_api: ../src/CurlApi.cc: #1229 ] 0 lib curl return error: 7
  11:2011-01-18_09:14:10 ERROR [ Server_i: ../src/Server_i.cc: # 427 ] 268699648 HTTP server request: Cannot connect.
  11:2011-01-18_09:14:10 INFO [ Server_i: ../src/SI_file_prepare.cc: # 286 ] 0 server_request_command(///channels.xml.sig): attempt #2, error 268699648
  Have we problem with this latest baseline?
  regards,
  Antonio

  I can't seem to edit this post anymore, for some odd reason.
  So here goes;
  I found this post in NVIDIA's knowledge base;
  When installing an after-market graphics card into a certified Windows 8 PC with UEFI enabled, the s...
  The interesting parts in this post are as follows;
  When an after-market graphics card is installed into a motherboard with UEFI enabled in the system BIOS, or if the system is a certified Windows 8 PC with Secure Boot enabled, the system may not boot.
  UEFI is a new system BIOS feature that is provided on most new motherboards. A UEFI system BIOS is required in order for the Windows 8 Secure Boot feature to work. Secure boot is enabled by default on certified Windows 8 PCs.
  In order to get the PC to boot with a graphics card that does not contain UEFI firmware, the end-user must first disable the secure boot feature in the system's SBIOS before installing the graphics card.
  Note: Some system SBIOS's incorporate a feature called compatibility boot. These systems will detect a non-UEFI-enabled firmware VBIOS and allow the user to disable secure boot and then proceed with a compatibility boot. If the system contains a system SBIOS the supports compatibility boot, the user will need to disable secure boot when asked during boot process
  This leads me to believe that the BIOS update that wrecked my setup was 9SKT58A/9SJT58A, which only contains one change;
  "Adds support for updating BIOS from a WIN7 BIOS to a WIN8 BIOS".
  I've just ordered a cheap UEFI-compatible GT640 from Gainward, so I hope I'll be able to try that out this weekend.

• LMS Status regarding Java Vulnerability CVE-2010-4476

  Is LMS 3.2 affected by the Oracle Java Floating-Point Value Denial of Service
  Vulnerability?
  http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
  What about Patches?

  Hi,
  Here is a link to the bug:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn86202
  Thanks

• Problems(?) after the latest Security Update from 2010-09-20

  Last night I was prompted that there was a new security update (http://support.apple.com/kb/HT4361), so I let it install and restart. After the restart, the date/time was all messed up. It was set to "2000-12-31 at 4.01.42 PM" (why would it do that!?!?) for some reason AND firewall rules seems to have changed. I kept getting a popup message to allow/deny access to these processes: DNSResponder and Configd. I have very little idea of what these really are except that I couldn't connect to internet without allowing at least the DNSResponder. Is this a normal behavior? Has anyone experienced similar issues after this security update? Is there a way to compare the firewall settings before and after the update? (Does it keep a backup of the original settings somewhere??) Is this a cause for concern?

  Yep, problems here as well, after installing the update. Can't seem to get an answer to the problem, and now I am having issues getting my new wireless router to work with the Macbook. Not sure if the problems are related, but sure would like to get this thing fixed. May have to visit a Genius.

• OS 10.6.5 updater and flash player

  knowing that 10.6.5 updater brings flash player up to the latest available, I uninstalled the version of flash player I had installed (knowing Adobe recommends that you uninstall the old one before installing a newer version). So, I uninstalled it using hte provided adobe flash player uninstaller. I then ran the 10.6.5 updater and was surprised to find that it did not install flash player.
  Can I assume that, in this the case, the 10.6.5 updater will not install (or update) flash player if it does not find it already there?

  I am confusted, the notes in the 10.6.5 says it updates your flash player to the latest one...
  Flash Player plug-in
  http://support.apple.com/kb/HT4435
  CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
  Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
  Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/
  Message was edited by: powerbook1701
  Message was edited by: powerbook1701

• What's the best way to connect latest iphone to 2010 Mini CooperS  for hands free

  What is the best way to connect the latest iphone to a 2010 mini Cooper S for hands free operation?

  Patrick Hindman wrote:
  Does anyone have any suggestions of what kind of hardware I should purchase to do this? Basically, I want a jam-up iTunes server that serves everything to each device (sorry, should have worded it this way sooner! . Maybe a MacMini server would do it? Or possibly just a Mac Mini or would Time Capsule do something like this?
  i use an old G4 Mac Mini running 10.5 Leopard, and it's on 24/7
  it runs in headless mode (ie no monitor) and i remotely administer it using remote desktop (or logmein if i'm out the house).
  i have a 1TB WD Mybook hanging off it connected via Firewire and that stores all my itunes content.

• "From" presence not displaying in Outlook 2010

  I've been working on a software product aiming presence and im integration with Microsoft Outlook using IMessenger API.
  Integration works as expected with Outlook 2013. However, the presence indicator of the
  "from" or sender does not display in Outlook 2010. The to, cc and bcc fields all display presence properly. In Outlook 2013 however, all of the from, to, cc and bcc fields display presence.
  There is a similar discussion for Outlook 2013 on:
  http://social.technet.microsoft.com/Forums/office/en-US/a2500fec-fc3f-4295-bbe3-7620876a2d24/from-presence-not-displaying-in-outlook-2013
  My problem is similar to this one except that I've the same problem with Outlook 2010 and I don't have this problem with Outlook 2013. It may be resolved in Outlook 2013 with a hotfix I don't know. Does anybody have the same issue and have a fix or workaround
  for this situation? I have latest updates for Office 2010 already.
  A strange thing is that when I set the registry value HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\IM\TurnOffPresenceIcon to 1, presence indicators are disappear from contact names as expected, however when I hover over the sender it
  displays sender's presence correctly on tooltip. So integration seems ok when I look at this.
  when I set the registry value HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\IM\TurnOffPresenceIcon to 2, presence indicators are disappear from both contact names and tool tips as expected.
  when I set the registry value HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\IM\TurnOffPresenceIcon to 0, presence indicators are appear for contacts in to, cc, and bcc fields except "from" field, which is quite strange. After
  I move around between messages, some of the sender's presence indicators starts displaying.
  Does anybody know why the presence indicator is not displaying consistently for the "sender" contact in Outlook 2010 when TurnOffPresenceIcon has value 0? Does anybody have the same issue and have a fix or workaround for this situation?

  Hi,
  There is another registry value named TurnOffPresenceIntegration
  which also have an effect on the presence indicator, please find the
  Key in: HKEY_CURRENT_USER\software\microsoft\Office\14.0\Common\IM
  or Policy Key: HKEY_CURRENT_USER\software\Policies\microsoft\Office\14.0\Common\IM
  and then check if the key value is set to 0.
  For more information, please refer:
  http://support.microsoft.com/kb/2726007
  Regards,
  Steve Fan
  TechNet Community Support

• Adobe 9 Pro PROBLEM with Word 2010

  I upgradedd to Office 2010 Suite,  Purchased Adobe 9 Pro
  and installed it after I installed Office 2010.  Adobe does not show in the
  Word 2010 ribbon.  Called ADOBE they say they do not support ADOBE 9 and Office 2010.  HELP

  We are a training institution using the latest Microsoft Office Pro (2010) and Creative Suite Design Premium (CS5) suites.
  Pdfmaker has been a key part of the PDF Basics syllabus for some time and to have to wait till the end of 2011 for a solution (Creative Suite 6?) is a large inconvenience.
  Given that Adobe are still selling Acrobat 9 as a “current” product as part of the suites, I believe that a free upgade to Acrobat 9.xx that has the functionallity restored should be in order, rather than being told that “ps and by the way … the product that you bought TODAY doesn’t work and possibly never will unless you upgrade”!
  Spoke to Adobe customer support about this yesterday and their response was to downgrade to Office 2007 if pdfmaker is that important – a fairly arrogant approach.
  This is an Adobe problem, not Microsoft, as they are the 3rd party providing the plug-in. (Adobe are quick to point this out when it comes to Photoshop plug-ins.)
  As we advertise using the packaged suites upgrading an individual product outside of the automatic updates is not an option.