Jonathan Brossard

**Name of the Vulnerable Software and Affected Versions** hostapd versions prior to 2.6 **Description** The issue is related to the use of a low-quality pseudorandom number generator (PRNG) in hostapd. This PRNG is reached through an os random() function call. **Recommendations** For versions prior to 2.6, update to version 2.6 or later to resolve the issue.

**Nome do software vulnerável e versões afetadas** Versões do hostapd anteriores à 2.6 **Descrição** O problema está relacionado ao uso de valores determinísticos devido à ausência de chamadas para srand() ou srandom() antes do uso das funções da biblioteca padrão rand() e random() no modo EAP. Isso resulta no uso inadequado de valores determinísticos. A vulnerabilidade também está relacionada à falta de entropia na seleção do PIN para a certificação de dispositivos de rede sem fio WPA, o que pode ser explorado por um invasor remoto para causar uma negação de serviço. **Recomendações** Para versões do hostapd anteriores à 2.6, atualize para a versão 2.6 ou posterior para resolver o problema. Como solução temporária, considere desativar o uso das funções rand() e random() no modo EAP até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Perl versions 5.10.x **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved by injecting arguments into certain function calls, including `getpeername`, `readdir`, `closedir`, `getsockname`, `rewinddir`, `tell`, or `telldir`. The vulnerability is related to a NULL pointer dereference in the `telldir` function of the Perl interpreter, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Perl version 5.10.x, consider disabling the `telldir` function as a temporary workaround until a patch is available. Additionally, restrict the ability to inject arguments into the affected function calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 10.61 **Description** The issue is related to the VEGAOpBitmap::AddLine function, which does not properly initialize memory during the processing of the SIZE attribute of a SELECT element. This allows remote attackers to trigger an invalid memory write operation by using a large integer attribute value, potentially causing a denial of service (application crash) or possibly executing arbitrary code. **Recommendations** For versions prior to 10.61, update to version 10.61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** texlive-debuginfo-2007 versions 2007 texlive-dviutils-2007 versions 2007 texlive-context-2007 versions 2007 texlive-utils-2007 versions 2007 texlive-2007 versions 2007 t1lib versions 5.1.2 and earlier texlive-xetex-2007 versions 2007 mendexk-2.6e versions 2.6e texlive-dvips-2007 versions 2007 texlive-latex-2007 versions 2007 texlive-afm-2007 versions 2007 kpathsea-2007 versions 2007 kpathsea-devel-2007 versions 2007 texlive-east-asian-2007 versions 2007 **Description** The issue is related to multiple vulnerabilities in various packages of the texlive and t1lib software, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities affect various operating systems, including CentOS and Red Hat Enterprise Linux. The exploitation of these vulnerabilities can result in the execution of arbitrary code via a crafted Type 1 font in a PDF document. **Recommendations** For texlive-debuginfo-2007 version 2007, update to a newer version. For texlive-dviutils-2007 version 2007, update to a newer version. For texlive-context-2007 version 2007, update to a newer version. For texlive-utils-2007 version 2007, update to a newer version. For texlive-2007 version 2007, update to a newer version. For t1lib version 5.1.2 and earlier, update to a newer version. For texlive-xetex-2007 version 2007, update to a newer version. For mendexk-2.6e version 2.6e, update to a newer version. For texlive-dvips-2007 version 2007, update to a newer version. For texlive-latex-2007 version 2007, update to a newer version. For texlive-afm-2007 version 2007, update to a newer version. For kpathsea-2007 version 2007, update to a newer version. For kpathsea-devel-2007 version 2007, update to a newer version. For texlive-east-asian-2007 version 2007, update to a newer version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghostscript (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an incorrect pointer dereference and application crash, via crafted font data in a compressed data stream. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 8.71 **Description** The issue is related to an off-by-one error in the Ins MINDEX function within the TrueType bytecode interpreter. This error can be triggered by a malformed TrueType font in a document, leading to an integer overflow and a heap-based buffer overflow. As a result, remote attackers may be able to execute arbitrary code or cause a denial of service due to heap memory corruption. **Recommendations** For versions prior to 8.71, update to version 8.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** McAfee SafeBoot Device Encryption versions 4 build 4750 and earlier **Description** The issue allows local users to obtain sensitive information by reading physical memory locations. This is due to the storage of pre-boot authentication passwords in the BIOS Keyboard buffer without clearing this buffer after use. **Recommendations** For versions 4 build 4750 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sophos SAVScan version 4.33.0 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted files packed with `armadillo`, `asprotect`, or `asprotectSKE`. Recommendations: For Sophos SAVScan version 4.33.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sophos Anti-Virus for Windows versions prior to 7.6.3 Sophos Anti-Virus for Windows NT/9x versions prior to 4.7.18 Sophos Anti-Virus for OS X versions prior to 4.9.18 Sophos Anti-Virus for Linux versions prior to 6.4.5 Sophos Anti-Virus for UNIX versions prior to 7.0.5 Sophos Anti-Virus for Unix and Netware versions prior to 4.37.0 Sophos EM Library (affected versions not specified) Sophos small business solutions (affected versions not specified) Description: The issue allows remote attackers to cause a denial of service via a "fuzzed" CAB archive file. This can be demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. The problem occurs when CAB archive scanning is enabled. Recommendations: For Sophos Anti-Virus for Windows versions prior to 7.6.3, update to version 7.6.3 or later. For Sophos Anti-Virus for Windows NT/9x versions prior to 4.7.18, update to version 4.7.18 or later. For Sophos Anti-Virus for OS X versions prior to 4.9.18, update to version 4.9.18 or later. For Sophos Anti-Virus for Linux versions prior to 6.4.5, update to version 6.4.5 or later. For Sophos Anti-Virus for UNIX versions prior to 7.0.5, update to version 7.0.5 or later. For Sophos Anti-Virus for Unix and Netware versions prior to 4.37.0, update to version 4.37.0 or later. For Sophos EM Library and Sophos small business solutions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bitdefender for Linux versions 7.60825 and earlier **Description** The issue is related to multiple integer overflows in the scanning engine, which can be exploited by remote attackers using malformed NeoLite and ASProtect packed PE files. This can cause a denial of service, resulting in a crash, or possibly allow the execution of arbitrary code. **Recommendations** For Bitdefender for Linux versions 7.60825 and earlier, update to a version later than 7.60825 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.

**Name of the Vulnerable Software and Affected Versions** F-Prot version 4.6.8 **Description** The issue allows remote attackers to bypass anti-virus protection. This is achieved by using a crafted ELF program with a `corrupted` header that still allows the program to be executed. **Recommendations** For F-Prot version 4.6.8, consider updating to a newer version that addresses this issue, as the current version allows attackers to bypass anti-virus protection with specially crafted ELF programs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueCrypt version 5.0 **Description** The issue allows local users to obtain sensitive information by reading physical memory locations. This is due to the storage of pre-boot authentication passwords in the BIOS Keyboard buffer without properly clearing the buffer before and after use. **Recommendations** For TrueCrypt version 5.0, consider disabling the pre-boot authentication feature until a proper fix is implemented to clear the BIOS Keyboard buffer after use.

**Name of the Vulnerable Software and Affected Versions** Secu Star DriveCrypt Plus Pack version 3.9 **Description** The issue concerns the storage of pre-boot authentication passwords in the BIOS Keyboard buffer. The software does not clear this buffer before and after use, allowing local users to obtain sensitive information by reading the physical memory locations associated with this buffer. **Recommendations** For Secu Star DriveCrypt Plus Pack version 3.9, consider clearing the BIOS Keyboard buffer manually after each use as a temporary workaround to minimize the risk of sensitive information exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Lenovo firmware version 7CETB5WW 2.05 **Description** The issue allows local users to obtain sensitive information by reading physical memory locations associated with the BIOS Keyboard buffer, which stores pre-boot authentication passwords and is not cleared after use. This enables a local attacker to access the BIOS password by directly reading the physical memory addresses used as the buffer. **Recommendations** For IBM Lenovo firmware version 7CETB5WW 2.05, consider clearing the BIOS Keyboard buffer after each use as a mitigation measure until a patch is available. Restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grub Legacy versions 0.97 and earlier **Description** The issue allows local users to obtain sensitive information by reading physical memory locations. This is due to the storage of pre-boot authentication passwords in the BIOS Keyboard buffer without proper clearing before and after use. **Recommendations** For Grub Legacy versions 0.97 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP firmware version 68DTT F.0D **Description** The issue allows local users to obtain sensitive information by reading physical memory locations. This is due to the storage of pre-boot authentication passwords in the BIOS Keyboard buffer, which is not cleared after use. **Recommendations** For HP firmware version 68DTT F.0D, consider clearing the BIOS Keyboard buffer after use to prevent sensitive information from being obtained. As a temporary workaround, restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel firmware version 0050.2007.0710.1559 **Description** The issue allows local users to obtain sensitive information, specifically pre-boot authentication passwords, by reading physical memory locations associated with the BIOS Keyboard buffer. This is possible because the passwords are stored in the buffer and not cleared after use. **Recommendations** For Intel firmware version 0050.2007.0710.1559, consider disabling the pre-boot authentication feature until a patch is available to clear the BIOS Keyboard buffer after use. Restrict physical access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.