@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) HIGH: RealNetworks RealPlayer and RealPlayer SP Multiple Security Vulnerabilities
• (2) HIGH: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 10.36.1 - Insecure DLL Loading Issues
• 10.36.2 - Apple QuickTime "_Marshaled_pUnk" Remote Code Execution
• 10.36.3 - Trend Micro Internet Security Pro ActiveX Control Remote Code Execution
• 10.36.4 - Bloodshed Dev-C++ Multiple EXE Loading Arbitrary Code Execution
• 10.36.5 - Adobe Shockwave Player "DIRAPIX.dll" File Remote Memory Corruption

Mac Os

• 10.36.6 - Apple Mac OS X Invalid Host Name SSL Certificate Validation Security Bypass

Linux

• 10.36.7 - Red Hat GNOME Display Manager 64-Bit Operation Security Bypass
• 10.36.8 - Multiple Linux Distributions CouchDB "LD_LIBRARY_PATH" Remote Code Execution
• 10.36.9 - Red Hat qspice-client Race Condition

HP-UX

• 10.36.10 - HP-UX Software Distributor Unspecified Local Privilege Escalation

Novell

• 10.36.11 - Novell Identity Manager "/tmp/idmInstall.log" Information Disclosure

Cross Platform

• 10.36.12 - FCKEditor.NET File Renaming Remote Code Execution Weakness
• 10.36.13 - Apple Safari "webkit.dll" Invalid SGV Text Style Denial of Service
• 10.36.14 - Cisco Border Gateway Protocol Unknown Attribute Denial of Service
• 10.36.15 - Mereo "GET" Request Remote Buffer Overflow
• 10.36.16 - Qt SSL Certificate IP Address Wildcard Validation Security Bypass
• 10.36.17 - IBM WebSphere Application Server Web Services Time Stamp Unspecified Security Vulnerability
• 10.36.18 - Real Networks RealPlayer & RealPlayer SP Multiple Security Vulnerabilities
• 10.36.19 - Fedora SSSD LDAP Unauthenticated Bind Security Bypass
• 10.36.20 - KDE Okular PDB File Parsing RLE Decompression Buffer Overflow
• 10.36.21 - Cisco Unified Communications Manager SIP Message Denial of Service
• 10.36.22 - HP MagCloud Unspecified Security Bypass
• 10.36.23 - Quagga bgpd Route-Refresh Message Stack Buffer Overflow
• 10.36.24 - HP OpenView Network Node Manager Unspecified Remote Code Execution
• 10.36.25 - Ghostscript TrueType Bytecode Interpreter Heap-Based Memory Corruption
• 10.36.26 - Quagga bgpd Null Pointer Deference Denial of Service
• 10.36.27 - Squid "DNS" Reply Remote Buffer Overflow

Web Application - Cross Site Scripting

• 10.36.28 - MODx Evolution "editor.php" Cross-Site Scripting

Web Application - SQL Injection

• 10.36.29 - GaleriaSHQIP "album_id" Parameter SQL Injection
• 10.36.30 - Seagull "frmQuestion" Parameter SQL Injection
• 10.36.31 - BlogMan "id" Parameter SQL Injection
• 10.36.32 - BugTracker.NET "search.aspx" SQL Injection
• 10.36.33 - Nagios XI "users.php" SQL Injection

Web Application

• 10.36.34 - S9Y Serendipity "include/functions_config.inc.php" HTML Injection
• 10.36.35 - pecio cms "template" Parameter Multiple Remote File Include Vulnerabilities
• 10.36.36 - Anantasoft Gazelle CMS "frmupload.html" Arbitrary File Upload
• 10.36.37 - Valarsoft WebMatic Multiple HTML Injection Vulnerabilities
• 10.36.38 - ClanSphere "index.php" SQL Injection and Cross Site Scripting Vulnerabilities

Network Device

• 10.36.39 - TANDBERG MXP Series Video Conferencing Device Remote Denial of Service
• 10.36.40 - SEIL Routers IPv6 Unicast RPF Spoofing

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilitis from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9819 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 10.36.1 - CVE: Not Available2264107 to address this issue.
• Platform: Third Party Windows Apps
• Title: Insecure DLL Loading Issues
• Description: There are many third party windows applications exposed to insecure DLL loading issues. Microsoft has released a KB article
• Ref: http://support.microsoft.com/kb/2264107

• 10.36.2 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Apple QuickTime "_Marshaled_pUnk" Remote Code Execution
• Description: Apple QuickTime is a media player that supports multiple file formats. Apple QuickTime is exposed to a remote code execution issue because it fails to sufficiently validate user-supplied data. Successful exploits will allow the attacker to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Windows 7, Vista, and XP platforms are affected.
• Ref: http://support.microsoft.com/kb/240797

• 10.36.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Trend Micro Internet Security Pro ActiveX Control Remote Code Execution
• Description: Trend Micro Internet Security Pro is a software security suite. Trend Micro Internet Security Pro is exposed to a remote code execution issue that affects the "extSetOwner()" method of the "PBCtrl.dll" ActiveX control. Trend Micro Internet Security Pro 2010 is affected.
• Ref: http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote
  -attackers.aspx

• 10.36.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Bloodshed Dev-C++ Multiple EXE Loading Arbitrary Code Execution
• Description: Bloodshed Dev-C++ is a freely available development tool for building applications on Microsoft platforms. Bloodshed Dev-C++ is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "make.exe" and "mingw32-make.exe" binaries in the current working directory. Bloodshed Dev-C++ version 4.9.9.2 is affected.
• Ref: http://www.microsoft.com/technet/security/advisory/2269637.mspx

• 10.36.5 - CVE: CVE-2010-2868, CVE-2010-2870, CVE-2010-2876,CVE-2010-2877, CVE-2010-2874, CVE-2010-2878, CVE-2010-2873,CVE-2010-2864, CVE-2010-2866, CVE-2010-2863, CVE-2010-2869,CVE-2010-2865, CVE-2010-2882, CVE-2010-2881, CVE-2010-2880,CVE-2010-2879, CVE-2010-2875,
• Platform: Third Party Windows Apps
• Title: Adobe Shockwave Player "DIRAPIX.dll" File Remote Memory Corruption
• Description: Adobe Shockwave Player is a multimedia player application. Adobe Shockwave Player is exposed to a remote memory corruption issue. Specifically, the "DIRAPIX.dll" file, which is responsible for parsing the Director movies of the RIFF-based file format, is affected. Adobe Shockwave Player version 11.5.7.609 and earlier are affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb10-20.html

• 10.36.6 - CVE: CVE-2010-1802, CVE-2010-1801, CVE-2010-1808,CVE-2010-1800
• Platform: Mac Os
• Title: Apple Mac OS X Invalid Host Name SSL Certificate Validation Security Bypass
• Description: Apple Mac OS X is exposed to a security bypass issue in the "libsecurity" component because it fails to properly validate the host name in a signed CA certificate. Mac OS X and Mac OS X Server versions 10.5.8 and 10.6.4 are affected.
• Ref: http://www.apple.com/support/downloads

• 10.36.7 - CVE: CVE-2007-5079
• Platform: Linux
• Title: Red Hat GNOME Display Manager 64-Bit Operation Security Bypass
• Description: The Red Hat GNOME Display Manager (GDM) is a display manager for the X Window System. The Red Hat GDM package is exposed to an issue that may create a false sense of security. Specifically, the package is built without TCP wrappers support on 64-bit platforms.
• Ref: http://www.gnome.org/projects/gdm/

• 10.36.8 - CVE: Not Available
• Platform: Linux
• Title: Multiple Linux Distributions CouchDB "LD_LIBRARY_PATH" Remote Code Execution
• Description: Multiple Linux distributions are exposed to a remote code execution issue that affects Apache CouchDB installations. This problem occurs because the current working directory is prefixed to the "LD_LIBRARY_PATH" list when CouchDB scripts ("/usr/bin/couchdb") are executed.
• Ref: http://seclists.org/oss-sec/2010/q3/234

• 10.36.9 - CVE: CVE-2010-2792, CVE-2010-2794
• Platform: Linux
• Title: Red Hat qspice-client Race Condition
• Description: qspice-client is a remote desktop application for Linux based systems. qspice-client is exposed to a race condition issue that a local attacker can use to force SPICE (Simple Protocol for Independent Computing Environments) communication over an attacker controlled socket.
• Ref: https://rhn.redhat.com/errata/RHSA-2010-0651.html

• 10.36.10 - CVE: CVE-2010-2712
• Platform: HP-UX
• Title: HP-UX Software Distributor Unspecified Local Privilege Escalation
• Description: Software Distributor is a set of tools used for managing HP-UX software packages. Software Distributor is exposed to an unspecified local privilege escalation issue. HP-UX versions B.11.11, B.11.23 and B.11.31 are affected.
• Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02285980

• 10.36.11 - CVE: Not Available
• Platform: Novell
• Title: Novell Identity Manager "/tmp/idmInstall.log" Information Disclosure
• Description: Novell Identity Manager is an application used for automating identity management. Novell Identity Manager is exposed to an information disclosure issue. Specifically, it stores administrative credentials entered during installations and other insensitive information in the "/tmp/idmInstall.log" file. Novell Identity Manager version 3.6.1 is affected.
• Ref: http://www.novell.com/support/viewContent.do?externalId=7006705

• 10.36.12 - CVE: Not Available
• Platform: Cross Platform
• Title: FCKEditor.NET File Renaming Remote Code Execution Weakness
• Description: FCKEditor.NET is a WYSIWYG text editor. FCKEditor.NET is exposed to a security weakness that may allow attackers to execute arbitrary code. This issue occurs because of an error when renaming files. FCKEditor.NET versions prior to 2.6.4 are affected.
• Ref: http://ckeditor.com/blog/FCKeditor.Net_2.6.4_released

• 10.36.13 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari "webkit.dll" Invalid SGV Text Style Denial of Service
• Description: Apple Safari is a web browser for multiple operating platforms. Apple Safari is exposed to a denial of service issue because it fails to properly handle an SGV image with a long font size text style. Apple Safari version 5.0.1 is affected.
• Ref: http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html

• 10.36.14 - CVE: CVE-2010-3035
• Platform: Cross Platform
• Title: Cisco Border Gateway Protocol Unknown Attribute Denial of Service
• Description: Cisco IOS XR is exposed to a denial of service issue that occurs when the Border Gateway Protocol peer announces a prefix with a valid but unrecognized transitive attribute. When Cisco IOS XR receives the attribute, it will corrupt the attribute before sending it to other devices.
• Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.s
  html

• 10.36.15 - CVE: Not Available
• Platform: Cross Platform
• Title: Mereo "GET" Request Remote Buffer Overflow
• Description: Mereo is an FTP server for Microsoft Windows. Mereo is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer. Mereo version 1.9.2 is affected.
• Ref: http://www.assembla.com/spaces/mereo/wiki?id=bMd54a1Xer3OfueJe5aVNr

• 10.36.16 - CVE: Not Available
• Platform: Cross Platform
• Title: Qt SSL Certificate IP Address Wildcard Validation Security Bypass
• Description: Qt is a cross-platform application development framework for GUI programs. The application is exposed to a security bypass issue because it fails to properly validate the SSL certificates. Qt versions 4.6 and earlier are affected.
• Ref: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt

• 10.36.17 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM WebSphere Application Server Web Services Time Stamp Unspecified Security Vulnerability
• Description: IBM WebSphere Application Server is a web server. IBM WebSphere Application Server is exposed to an unspecified issue that affects the Web Services component when Java API for XML Web Services (JAX-WS) application with the WS-Security policy specifies a Time Stamp value.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21443736

• 10.36.18 - CVE:CVE-2010-0116,CVE-2010-0117,CVE-2010-0120,CVE-2010-2996,CVE-2010-3000,CVE-2010-3001,CVE-2010-3002
• Platform: Cross Platform
• Title: Real Networks RealPlayer & RealPlayer SP Multiple Security Vulnerabilities
• Description: Real Networks RealPlayer is an application that allows users to play various media formats. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application, cause denial of service or access files without proper authorization. RealPlayer version 11.1 and RealPlayer SP 1.1.4 and earlier are affected.
• Ref: http://service.real.com/realplayer/security/08262010_player/en/

• 10.36.19 - CVE: CVE-2010-2940
• Platform: Cross Platform
• Title: Fedora SSSD LDAP Unauthenticated Bind Security Bypass
• Description: Fedora SSSD provides a set of daemons to manage access to remote directories and other authentication mechanisms. The application is exposed to a security bypass issue because it accepts empty passwords. Attackers can exploit this issue to gain unauthorized access to affected computers.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2940

• 10.36.20 - CVE: CVE-2010-2575
• Platform: Cross Platform
• Title: KDE Okular PDB File Parsing RLE Decompression Buffer Overflow
• Description: KDE (K Desktop Environment) is a desktop for Unix variants. Okular is a universal document viewer based on KPDF. KDE Okular is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. KDE versions prior to 4.4.5 are affected.
• Ref: http://www.kde.org/info/security/advisory-20100825-1.txt

• 10.36.21 - CVE: CVE-2010-2837, CVE-2010-2838, CVE-2010-2839,CVE-2010-2840
• Platform: Cross Platform
• Title: Cisco Unified Communications Manager SIP Message Denial of Service
• Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. CUCM is exposed to a denial of service issue when handling specially crafted SIP messages.
• Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.s
  html

• 10.36.22 - CVE: CVE-2010-2711
• Platform: Cross Platform
• Title: HP MagCloud Unspecified Security Bypass
• Description: HP MagCloud is an application for Apple iPad. The application is exposed to an unspecified security bypass issue that allows attackers to bypass security restrictions. HP MagCloud versions prior to 1.0.5 are affected.
• Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02478639

• 10.36.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Quagga bgpd Route-Refresh Message Stack Buffer Overflow
• Description: Quagga is routing software for multiple Unix platforms, including Linux and BSD. Quagga is exposed to a stack-based buffer overflow issue that affects the Border Gateway Protocol daemon (bgpd). Specifically, this issue occurs when processing a specially crafted "Route-Refresh" message. Quagga versions prior to 0.99.17 are affected.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=626783

• 10.36.24 - CVE: CVE-2010-2710
• Platform: Cross Platform
• Title: HP OpenView Network Node Manager Unspecified Remote Code Execution
• Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to an unspecified remote code execution issue. HP OpenView Network Node Manager versions 7.51 and 7.53 are affected.
• Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01926980

• 10.36.25 - CVE: CVE-2009-3743
• Platform: Cross Platform
• Title: Ghostscript TrueType Bytecode Interpreter Heap-Based Memory Corruption
• Description: Ghostscript is a set of tools and libraries for handling Portable Document Format (PDF) and PostScript files. Ghostscript is exposed to a memory corruption issue in its TrueType bytecode interpreter. Ghostscript versions prior to 8.71 are affected.
• Ref: http://www.kb.cert.org/vuls/id/644319

• 10.36.26 - CVE: Not Available
• Platform: Cross Platform
• Title: Quagga bgpd Null Pointer Deference Denial of Service
• Description: Quagga is routing software for multiple Unix platforms, including Linux and BSD. Quagga is exposed to a remote denial of service issue caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). Quagga versions prior to 0.99.17 are affected.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=626795

• 10.36.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Squid "DNS" Reply Remote Buffer Overflow
• Description: Squid is a caching proxy for the Web. Squid is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Squid version 3.1.6 is affected.
• Ref: http://marc.info/?l=squid-users&m=128263555724981&w=2

• 10.36.28 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: MODx Evolution "editor.php" Cross-Site Scripting
• Description: MODx Evolution is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "img" parameter of the "manager/media/ImageEditor/editor.php" script. MODx Evolution version 1.0.4 is affected.
• Ref: http://seclists.org/fulldisclosure/2010/Aug/256

• 10.36.29 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: GaleriaSHQIP "album_id" Parameter SQL Injection
• Description: GaleriaSHQIP is a PHP-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. GaleriaSHQIP version 1.0 is affected.
• Ref: http://www.galeriashqip.com

• 10.36.30 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Seagull "frmQuestion" Parameter SQL Injection
• Description: Seagull is a web-based framework for building PHP applications. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "frmQuestion" parameter of the "index.php/user/password" script when "action" is set to "retrieve" before using it in an SQL query.
• Ref: http://seagullproject.org/

• 10.36.31 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BlogMan "id" Parameter SQL Injection
• Description: BlogMan is a blogging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. BlogMan version 0.7.1 is affected.
• Ref: http://sourceforge.net/projects/blogman/

• 10.36.32 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BugTracker.NET "search.aspx" SQL Injection
• Description: BugTracker.NET is a web-based bug or issue tracker. BugTracker.NET is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "Custom Fields" in the "search.aspx" script before using it an SQL query. BugTracker.NET versions prior to 3.4.4 are affected.
• Ref: http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view

• 10.36.33 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Nagios XI "users.php" SQL Injection
• Description: Nagios XI is an IT infrastructure monitoring system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "records" parameter of the "admin/users.php" script before using it in an SQL query. Nagios XI versions prior to 2009R1.3 are affected.
• Ref: http://ngenuity-is.com/advisories/2010/aug/24/nagios-xi-usersphp-sql-injection

• 10.36.34 - CVE: Not Available
• Platform: Web Application
• Title: S9Y Serendipity "include/functions_config.inc.php" HTML Injection
• Description: Serendipity is a web-log application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "include/functions_config.inc.php" script. Serendipity versions prior to 1.5.4 are affected.
• Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html

• 10.36.35 - CVE: Not Available
• Platform: Web Application
• Title: pecio cms "template" Parameter Multiple Remote File Include Vulnerabilities
• Description: pecio cms is a PHP-based content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. pecio cms version 2.0.5 is affected.
• Ref: http://pecio-cms.com/

• 10.36.36 - CVE: Not Available
• Platform: Web Application
• Title: Anantasoft Gazelle CMS "frmupload.html" Arbitrary File Upload
• Description: Anantasoft Gazelle CMS is a PHP-based content management application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input.
• Ref: http://www.anantasoft.com/index.php?Gazelle%20CMS

• 10.36.37 - CVE: Not Available
• Platform: Web Application
• Title: Valarsoft WebMatic Multiple HTML Injection Vulnerabilities
• Description: Valarsoft WebMatic is an application that allows users to develop websites. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "home" parameter in the "content preferences editing" section, and the "subtitle" parameter in the "page editing" section. Valarsoft WebMatic version 3.0.5 is affected.
• Ref: http://www.valarsoft.com

• 10.36.38 - CVE: Not Available
• Platform: Web Application
• Title: ClanSphere "index.php" SQL Injection and Cross Site Scripting Vulnerabilities
• Description: ClanSphere is a PHP-based content manager. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. ClanSphere version 2010.0 RC 2 Patch 2 is affected.
• Ref: http://www.clansphere.net/

• 10.36.39 - CVE: Not Available
• Platform: Network Device
• Title: TANDBERG MXP Series Video Conferencing Device Remote Denial of Service
• Description: TANDBERG MXP Series devices are for desktop video conferencing. The devices are exposed to a remote denial of service issue because they fail to properly validate user-supplied data. TANDBERG MXP Series devices with version F8.2 is affected.
• Ref: ftp://ftp.tandberg.com/pub/software/endpoints/mxp/TANDBERG%20MXP%20Endpoints%20Software%20Release%20Notes%20%28F9%29.pdf

• 10.36.40 - CVE: Not Available
• Platform: Network Device
• Title: SEIL Routers IPv6 Unicast RPF Spoofing
• Description: SEIL routers are network devices. The devices are exposed to a spoofing issue because they fail to properly filter Unicast messages when the IPv6 Unicast Reverse Path Forwarding (RPF) feature is enabled.
• Ref: http://www.seil.jp/seilseries/security/2010/a00875.php

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/