RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 16
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Apr 15 2010 - 21:59:24 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
RISK: The Consensus Security Vulnerability Alert
Apr 15th, 2010 Vol. 9. Week 16
******************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                Number of Updates and Vulnerabilities
--------------------------------------  -------------------------------------
Windows                                 15 (#1, #2, #3, #9, #10, #11, #12)
Other Microsoft Products                2 (#4, #5)
Third Party Windows Apps                2
Mac Os                                  12
Linux                                   2
Cross Platform                          40 (#6, #7, #8)
Web Application - Cross Site Scripting  3
Web Application - SQL Injection         3
Web Application                         22
Network Device                          2
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows SMB Client Multiple Vulnerabilities (MS10-020)
(2) CRITICAL: Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS10-026)
(3) CRITICAL: Microsoft Windows Media Player ActiveX Control Code Execution Vulnerability (MS10-027)
(4) CRITICAL: Microsoft Office Publisher Buffer Overflow Vulnerability (MS10-023)
(5) CRITICAL: Microsoft Office Visio Multiple Vulnerabilities (MS10-028)
(6) CRITICAL: Adobe Reader and Acrobat Multiple Vulnerabilities
(7) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Apr 2010)
(8) CRITICAL: VMware Multiple Products Multiple Vulnerabilities
(9) HIGH: Microsoft Windows Media Services Buffer Overflow Vulnerability (MS10-025)
(10) HIGH: Microsoft Windows Authenticode Signature Verification Multiple Vulnerabilities (MS10-019)
(11) MODERATE: Microsoft Windows SMTP Server Multiple Vulnerabilities (MS10-024)
(12) MODERATE: Microsoft Windows ISATAP Component Address Spoofing Vulnerability (MS10-029)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Windows
10.16.1 - Microsoft Windows Kernel NULL Pointer Local Denial of Service
10.16.2 - Microsoft Windows SMTP Server MX Record Denial of Service
10.16.3 - Microsoft Windows Kernel Symbolic Link Local Denial of Service
10.16.4 - Microsoft Windows SMB Client Memory Allocation Remote Code Execution
10.16.5 - Microsoft Windows Kernel Invalid Registry Key Local Denial of Service
10.16.6 - Microsoft Windows Kernel Virtual Path Local Denial of Service
10.16.7 - Microsoft Windows Kernel Image File Relocation Local Denial of Service
10.16.8 - Microsoft Windows Kernel Exception Handling Local Denial of Service
10.16.9 - Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation
10.16.10 - Microsoft Windows Kernel Symbolic Link Creation Local Privilege Escalation
10.16.11 - Microsoft Windows Authenticode Signature Verification Remote Code Execution
10.16.12 - Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution
10.16.13 - Microsoft Windows Media Player ActiveX Control Remote Code Execution
10.16.14 - Microsoft Windows ISATAP Component IPv6 Address Spoofing
10.16.15 - Microsoft Windows SMTP Server Memory Allocation Information Disclosure
-- Other Microsoft Products
10.16.16 - Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution
10.16.17 - Microsoft Visio Index Calculation Memory Corruption Remote Code Execution
-- Third Party Windows Apps
10.16.18 - JustSystems Ichitaro Font Information Processing Remote Code Execution
10.16.19 - WinSoftMagic Photo Editor PNG File Buffer Overflow
-- Mac Os
10.16.20 - Apple Mac OS X Firewall Blacklist Denial of Service
10.16.21 - Apple Mac OS X Mail Rule Association Data Integrity Security
10.16.22 - Apple Mac OS X Password Server Outdated Password Security Bypass
10.16.23 - Apple Mac OS X SFLServer Local Privilege Escalation
10.16.24 - Apple Mac OS X Image RAW Component NEF File Remote Buffer Overflow
10.16.25 - Apple Mac OS X Podcast Producer Access Validation
10.16.26 - Apple Mac OS X Mail Encryption Certificate Selection in Keychain Security Bypass
10.16.27 - Apple Mac OS X Open Directory Anonymous Access Security Bypass
10.16.28 - Apple Mac OS X Wiki Server File Upload Security Bypass
10.16.29 - Apple Mac OS X Server Admin Screen Sharing Security Bypass
10.16.30 - Apple Mac OS X Wiki Server Weblog SACL Security Bypass
10.16.31 - Apple Mac OS X iChat Server Logging Security Bypass
-- Linux
10.16.32 - Linux Kernel ReiserFS Security Bypass
10.16.33 - "am-utils" Package "amqsvc_is_client_allowed()" Security Bypass
-- Cross Platform
10.16.34 - Virata EmWeb URI Remote Denial Of Service
10.16.35 - udisks "probers/udisks-dm-export.c" Local Information Disclosure
10.16.36 - abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities
10.16.37 - AnyZip ZIP File Remote Buffer Overflow
10.16.38 - xar Package Signature Validation Remote Security Bypass
10.16.39 - Mozilla Firefox Remote Memory Corruption
10.16.40 - IBM WebSphere Application Server for z/OS Admin Console Unspecified Security Vulnerabilities
10.16.41 - IBM WebSphere Portal Login Unspecified Security
10.16.42 - IBM Systems Director Agent Insecure File Permissions Vulnerabilities
10.16.43 - MoinMoin "TextCha" Protection Security Bypass
10.16.44 - Jzip ZIP File Remote Buffer Overflow
10.16.45 - AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
10.16.46 - VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities
10.16.47 - Fujitsu Accela BizSearch Unspecified Search Result Information Disclosure
10.16.48 - Aladdin eToken PKI Client ETV File Remote Code Execution
10.16.49 - F-Secure Multiple Products Scan Evasion Vulnerabilities
10.16.50 - Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
10.16.51 - TANDBERG Video Communication Server Multiple Remote Vulnerabilities
10.16.52 - VMware Hosted Products VMware Tools Library Reference Remote Code Execution
10.16.53 - VMware Hosted Products VMware Tools Local Privilege Escalation
10.16.54 - VMware Hosted Products "vmware-vmx" Virtual Network Stack Information Disclosure
10.16.55 - VMware Remote Console "connect" Method Remote Format String
10.16.56 - Trend Micro Internet Security Toolbar Denial of Service
10.16.57 - VMware "vmrun" Local Privilege Escalation
10.16.58 - Adobe Acrobat and Reader Embedded Font Handling Remote Code Execution
10.16.59 - Oracle Database Remote XML DB
10.16.60 - Oracle Database Remote Change Data Capture
10.16.61 - Oracle E-Business Suite Oracle iStore Remote
10.16.62 - Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
10.16.63 - Oracle E-Business Suite Oracle HRMS (Self Service) Remote
10.16.64 - Oracle Database Remote JavaVM
10.16.65 - Oracle Database Remote Audit
10.16.66 - Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
10.16.67 - Oracle E-Business Suite Oracle Agile Engineering Data Management Remote
10.16.68 - Oracle E-Business Suite Remote Oracle Workflow Cartridge
10.16.69 - Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
10.16.70 - Oracle Fusion Middleware Remote Portal
10.16.71 - Oracle E-Business Suite Oracle Application Object Library Remote
10.16.72 - Adobe Acrobat and Reader X3D Component Remote Code Execution
10.16.73 - Adobe Acrobat and Reader "CoolType.dll" Remote Code Execution
-- Web Application - Cross Site Scripting
10.16.74 - Drupal Internationalization Module Cross-Site Scripting Vulnerabilities
10.16.75 - Istgah For Centerhost "view_ad.php" Cross-Site Scripting
10.16.76 - Almas Compiere Unspecified Cross-Site Scripting
-- Web Application - SQL Injection
10.16.77 - MODx Evolution Cross-Site Scripting and SQL Injection Vulnerabilities
10.16.78 - Simple Gallery "cid" Parameter SQL Injection
10.16.79 - xbtit "functions.php" SQL Injection
-- Web Application
10.16.80 - MediaWiki Cross-Site Request Forgery
10.16.81 - PotatoNews "nid" Parameter Multiple Local File Include Vulnerabilities
10.16.82 - FreePHPWebsiteSoftware "default_theme.php" Remote File Include
10.16.83 - vel File Uploader Remote File Upload
10.16.84 - n-cms-equipe Multiple Local File Include Vulnerabilities
10.16.85 - Plume CMS Multiple Local File Include Vulnerabilities
10.16.86 - Drupal Views Module Cross-Site Scripting and PHP Code Injection Vulnerabilities
10.16.87 - TCPDF "params" Attribute Remote Code Execution Weakness
10.16.88 - Smileys Module For Drupal Delete URI Cross-Site Request Forgery
10.16.89 - AWD Solution AWDwall Component for Joomla! "controller" Parameter Local File Include
10.16.90 - givesight PowerMail Pro Component for Joomla! Local File Include
10.16.91 - Nodesforum Multiple Remote File Include Vulnerabilities
10.16.92 - JProject Manager Joomla! Component "controller" Parameter Local File Include
10.16.93 - AlphaUserPoints Joomla! Component "view" Parameter Local File Include
10.16.94 - MyBB "set_common_header()" Email BCC Header Injection
10.16.95 - MyBB Insecure Random Password Generation
10.16.96 - Pulse CMS Arbitrary File Upload
10.16.97 - Blog System Multiple Input Validation Vulnerabilities
10.16.98 - FusionForge Multiple Remote File Include Vulnerabilities
10.16.99 - openUrgence Vaccin Multiple Local and Remote File Include Vulnerabilities
10.16.100 - openMairie openMaincourante Local and Remote File Include Vulnerabilities
10.16.101 - Vana CMS "filename" Parameter Remote File Download
-- Network Device
10.16.102 - Edimax AR-7084gA Wireless ADSL Router Cross-Site Request Forgery
10.16.103 - VMware Hosted Products USB Service Local Privilege Escalation
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohan Kotian at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows SMB Client Multiple Vulnerabilities (MS10-020)
Affected:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for Itanium-based Systems
Description: Multiple vulnerabilities have been identified in
Microsoft's implementation of Server Message Block (SMB), a standard
protocol for resource, file, and printer sharing in Microsoft Windows
installations. The first issue is a denial of service vulnerability
caused by an error in the way the Microsoft SMB client handles
incomplete SMB responses. The second issue is a code execution
vulnerability caused by an error in the way the Microsoft SMB client
allocates memory while parsing specially crafted SMB responses;
authentication is not required to exploit this vulnerability. The third
issue is a code execution vulnerability caused by the Microsoft SMB
client improperly validating fields in the SMB transact response. The
fourth issue is a code execution vulnerability caused by the Microsoft
SMB client incorrectly parsing specially crafted SMB transaction
responses. The fifth issue is a code execution vulnerability caused by
the Microsoft SMB client incorrectly parsing specially crafted SMB
responses; authentication is not required to exploit this vulnerability.
Some technical details are provided for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/36989
http://www.securityfocus.com/bid/39312
http://www.securityfocus.com/bid/39336
http://www.securityfocus.com/bid/39339
*************************************************************
(2) CRITICAL: Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS10-026)
Affected:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Description: A buffer overflow vulnerability has been reported in the
Microsoft MPEG Layer-3 audio codec, software that is used to compress
or decompress a media file. A specially crafted AVI file that contains
a malformed MPEG Layer-3 audio stream can be used to trigger this
vulnerability. The vulnerable audio codecs are the MPEG Layer-3 Audio
Codec for Microsoft DirectShow, "l3codecx.ax", and the Fraunhofer IIS
MPEG Layer-3 ACM codecs, "L3codeca.acm" and "L3codecp.acm".
Successful exploitation might allow an attacker to execute arbitrary
code in the context of the affected application. Technical details for
this vulnerability are not publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BID
http://www.securityfocus.com/bid/39303
*************************************************************
(3) CRITICAL: Microsoft Windows Media Player ActiveX Control Code Execution Vulnerability (MS10-027)
Affected:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows Media Player 9 Series
Windows XP Service Pack 3
Description: Microsoft Windows Media Player, a feature of the Windows
operating system, is used to play audio and video files. A code
execution vulnerability has been identified in the Windows Media Player
ActiveX control. The issue is caused by an error while retrieving a
codec for an unknown fourCC compression code. Successful exploitation
might allow an attacker to execute arbitrary code in the context of the
user using the affected application. Some technical details for the
vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-070/
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BID
http://www.securityfocus.com/bid/39351
*************************************************************
(4) CRITICAL: Microsoft Office Publisher Buffer Overflow Vulnerability (MS10-023)
Affected:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
2007 Microsoft Office System Service Pack 2
Description: Microsoft Office Publisher, a popular Desktop Publishing
(DTP) application and Microsoft Office component, contains a buffer
overflow vulnerability. A specially crafted Publisher file can be used
to trigger this vulnerability. The issue is caused by a boundary error
in the code responsible for converting files from the Publisher 97
format, which occurs while processing a TextBox item. Successful
exploitation might allow an attacker to execute arbitrary code in the
context of the affected application. Some technical details about the
vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-023.mspx
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-069/
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BID
http://www.securityfocus.com/bid/39347
*************************************************************
(5) CRITICAL: Microsoft Office Visio Multiple Vulnerabilities (MS10-028)
Affected:
Microsoft Office Visio 2002 Service Pack 2
Microsoft Office Visio 2003 Service Pack 3
Microsoft Office Visio 2007 Service Pack 1
Microsoft Office Visio 2007 Service Pack 2
Description: Microsoft Visio is diagramming software from Microsoft in
which two vulnerabilities have been identified. A specially crafted
Visio file can be used to trigger either vulnerability. The first issue
is caused by an error in Microsoft Office Visio in its validation of
certain attributes while processing specially crafted Visio files. The
second issue is caused by an error in Microsoft Office Visio in its
calculation of indexes while processing specially crafted Visio files.
Successful exploitation in both cases might allow an attacker to
execute arbitrary code in the context of the affected application.
Technical details for these vulnerabilities are not publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx
FORTIGUARD ADVISORY (FGA-2010-17)
http://www.fortiguard.com/advisory/FGA-2010-17.html
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39300
http://www.securityfocus.com/bid/39302
*************************************************************
(6) CRITICAL: Adobe Reader and Acrobat Multiple Vulnerabilities
Affected:
Adobe Reader 9.x
Adobe Reader 8.x
Adobe Acrobat Standard 9.x
Adobe Acrobat Standard 8.x
Adobe Acrobat Professional 9.x
Adobe Acrobat Professional 8.x
Adobe Acrobat 9.x
Adobe Acrobat 3D 8.x
Description: Adobe Acrobat is a program designed to create, manage and
view Portable Document Format (PDF) files, and Adobe Reader is designed
only to view and print PDFs. Both Adobe Reader and Acrobat have been
reported to have multiple vulnerabilities, which could be triggered by
opening a specially crafted PDF file. The first issue is caused by a
memory corruption error in "3difr.x3d", which is a plug-in used to
display 3D material. The second issue is a heap overflow error in
"CoolType.dll". The third issue is caused by an error while parsing
embedded fonts inside a PDF document. There are other unspecified errors
in the application that cause buffer overflows, memory corruption and
cross site scripting vulnerabilities. Successful exploitation in most of
the cases might result in remote code execution. Technical details for
these vulnerabilities are not publicly available.
Status: Vendor confirmed, updates available.
References:
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-071/
FORTIGUARD ADVISORY (FGA-2010-18)
http://www.fortiguard.com/advisory/FGA-2010-18.html
Adobe Security Advisory (APSB10-09)
http://www.adobe.com/support/security/bulletins/apsb10-09.html
Vendor Home Page
http://www.adobe.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39329
http://www.securityfocus.com/bid/39417
http://www.securityfocus.com/bid/39469
http://www.securityfocus.com/bid/39470
*************************************************************
(7) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Apr 2010)
Affected:
Oracle Database 11g Release 2, version 11.2.0.1
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
Oracle Application Server 10gR2, version 10.1.2.3.0
Oracle Identity Management 10g, version 10.1.4.0.1 and 10.1.4.3
Oracle Collaboration Suite 10g, version 10.1.2.4
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
Oracle E-Business Suite Release 11i, versions 11.5.10, 11.5.10.2
Oracle Transportation Manager, Versions: 5.5.05.07, 5.5.06.00, 6.0.03
Oracle Agile - Engineering Data Management, Version 6.1.1.0
PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50
Oracle Communications Unified Inventory Management version 7.1
Oracle Clinical Remote Data Capture Option 4.5.3, 4.6
Oracle Thesaurus Management System 4.5.2, 4.6, 4.6.1
Oracle Retail Markdown Optimization version 13.1
Oracle Retail Place In-Season version 12.2
Oracle Retail Plan In-Season version 12.2
Oracle Sun Product Suite
Description: Oracle released a cumulative security patch for a wide
range of its products on April 13, 2010. This Critical Patch Update
contains 41 new security fixes across different products. Of these 41
new fixes, there are 7 fixes for the Oracle Database Server, 5 security
fixes for Oracle Fusion Middleware, 1 security fix for the Oracle
Collaboration Suite, 8 new security fixes for Oracle Applications, 4 new
security fixes for the Oracle PeopleSoft and JD Edwards Suite, 6 new
security fixes for Oracle Industry Applications and 16 new security
fixes for the Oracle Sun Product Suite. Flaws addressed in this update
include remote command execution vulnerabilities, denial of service
issues, information disclosure vulnerabilities, SQL injection
vulnerabilities, and security restriction bypass issues. The impact of
some issues is still unknown. Some of these vulnerabilities can be
exploited without authentication, while others require it.
Status: Vendor confirmed, updates available.
References:
Oracle Critical Patch Update (CPU April 2010)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-10-073/
http://www.zerodayinitiative.com/advisories/ZDI-10-074/
http://www.zerodayinitiative.com/advisories/ZDI-10-075/
Vendor Home Page
http://www.oracle.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39418
http://www.securityfocus.com/bid/39421
http://www.securityfocus.com/bid/39422
http://www.securityfocus.com/bid/39423
http://www.securityfocus.com/bid/39424
http://www.securityfocus.com/bid/39425
http://www.securityfocus.com/bid/39426
http://www.securityfocus.com/bid/39427
http://www.securityfocus.com/bid/39428
http://www.securityfocus.com/bid/39429
http://www.securityfocus.com/bid/39430
http://www.securityfocus.com/bid/39431
http://www.securityfocus.com/bid/39432
http://www.securityfocus.com/bid/39433
http://www.securityfocus.com/bid/39434
http://www.securityfocus.com/bid/39435
http://www.securityfocus.com/bid/39436
http://www.securityfocus.com/bid/39437
http://www.securityfocus.com/bid/39438
http://www.securityfocus.com/bid/39439
http://www.securityfocus.com/bid/39441
http://www.securityfocus.com/bid/39442
http://www.securityfocus.com/bid/39443
http://www.securityfocus.com/bid/39444
http://www.securityfocus.com/bid/39445
http://www.securityfocus.com/bid/39447
http://www.securityfocus.com/bid/39448
http://www.securityfocus.com/bid/39450
http://www.securityfocus.com/bid/39451
http://www.securityfocus.com/bid/39452
http://www.securityfocus.com/bid/39454
*************************************************************
(8) CRITICAL: VMware Multiple Products Multiple Vulnerabilities
Affected:
VMware Workstation 7.0
VMware Workstation 6.5.3 and earlier
VMware Player 3.0
VMware Player 2.53 and earlier
VMware ACE 2.6
VMware ACE 2.5.3 and earlier
VMware Server 2.0.2 and earlier
VMware Fusion 3.0
VMware Fusion 2.0.6 and earlier
VMware VIX API for Windows 1.6.x
VMware ESXi 4.0 before patch ESXi400-201002402-BG
VMware ESXi 3.5 before patch ESXe350-200912401-T-BG
VMware ESX 4.0 without patches ESX400-201002401-BG, ESX400-200911223-UG
VMware ESX 3.5 without patch ESX350-200912401-BG
VMware ESX 3.0.3 without patch ESX303-201002203-UG
VMware ESX 2.5.5 without Upgrade Patch 15
Description: VMware virtualization software, available for a variety
of platforms, has multiple vulnerabilities. The first issue is a code
execution vulnerability caused by an error in the way VMware libraries
are referenced, and this issue affects only Windows Guest Operating
Systems. The second issue is a code execution vulnerability caused by
an error in the way VMware executables are loaded, and this issue
affects only Windows Guest Operating Systems. The third issue is a
privilege escalation issue caused by an error in the USB service. The
fourth issue is an uninitialized-memory-read error in the libpng
libraries through 1.2.35. The fifth issue consists of heap overflow
errors in the VMware movie decoder, which can be triggered by a
malicious video file. The sixth issue is a format string error in the
VMware Remote Console "VMrc", an application that is installed when the
VMrc browser plug-in is installed. The seventh issue is a denial of
service vulnerability on Windows based systems caused by an error in
vmware-authd. The eighth issue is an information disclosure
vulnerability caused by an error in the virtual networking stack of
VMware's different products. The last issue is a format string
vulnerability in "vmrun". Technical details for some of the
vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
VMware Security Advisory (VMSA-2010-0007)
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
Vendor Home Page
http://www.vmware.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39392
http://www.securityfocus.com/bid/39394
http://www.securityfocus.com/bid/39395
http://www.securityfocus.com/bid/39396
http://www.securityfocus.com/bid/39397
http://www.securityfocus.com/bid/39407
*************************************************************
(9) HIGH: Microsoft Windows Media Services Buffer Overflow Vulnerability (MS10-025)
Affected:
Microsoft Windows 2000 Server Service Pack 4
Description: Microsoft Windows Media Services is a platform that is used
for streaming live or on-demand audio and video. A buffer overflow
vulnerability has been identified in Windows Media Services. The
specific flaw is in the Windows Media Unicast Service "nsum.exe" and is
caused by incorrect handling of specially crafted transport
information packets. Successful exploitation might allow an attacker to
execute arbitrary code in the context of the affected application. Some
technical details for this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx
Vendor Home Page
http://www.microsoft.com/
Secunia Advisory SA39377
http://secunia.com/advisories/39377/
*************************************************************
(10) HIGH: Microsoft Windows Authenticode Signature Verification Multiple Vulnerabilities (MS10-019)
Affected:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for Itanium-based Systems
Description: A code execution vulnerability has been identified in the
Microsoft Windows Authenticode Signature Verification function, which
is used to perform verification of trust on a specified object. The
specific flaw is caused by an error while processing fields from the
file digest, while signing and verifying a portable executable (PE) and
a cabinet file. A specially crafted PE or cabinet file can be used to
trigger this vulnerability. The second issue is a code execution
vulnerability in the Microsoft Windows Authenticode Signature
Verification for cabinet (.cab) file formats. The specific flaw is
caused by an error while processing fields from the file digest, while
signing and verifying a cabinet file. A specially crafted cabinet file
can be used to trigger this vulnerability. No further details for these
vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39328
http://www.securityfocus.com/bid/39332
*************************************************************
(11) MODERATE: Microsoft Windows SMTP Server Multiple Vulnerabilities (MS10-024)
Affected:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 R2 for x64-based Systems**
Microsoft Exchange Server 2000 Service Pack 3
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007 Service Pack 1 for x64-based Systems
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
Microsoft Exchange Server 2010 for x64-based Systems
Description: Two vulnerabilities have been identified in the Microsoft
Windows Simple Mail Transfer Protocol (SMTP) component, which is
installed as part of Internet Information Services. The first issue is
a denial of service vulnerability and is caused because the component
does not parse a specially crafted DNS Mail Exchanger (MX) record
correctly. The second issue is an information disclosure vulnerability
caused as a result of incorrect allocation of memory by the SMTP
component. A specially crafted SMTP command response can be used to
trigger this vulnerability. No further details on these
vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/39308
http://www.securityfocus.com/bid/39381
*************************************************************
(12) MODERATE: Microsoft Windows ISATAP Component Address Spoofing
Vulnerability (MS10-029)
Affected:
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Description: The Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP) is used to provide IPv6 connectivity within an IPv4 intranet.
An IP address spoofing vulnerability has been identified in the ISATAP
component of Microsoft Windows. The specific flaw is an error in the
way the ISATAP component checks the inner packet's IPv6 source address
in a tunneled ISATAP packet. Some technical details for the
vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx
Vendor Home Page
http://www.microsoft.com/
SecurityFocus BID
http://www.securityfocus.com/bid/39352
*************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
Week 16, 2010
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 9106 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
10.16.1 CVE: CVE-2010-0234
Platform: Windows
Title: Microsoft Windows Kernel NULL Pointer Local Denial of Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. Specifically, a NULL pointer
exception can occur when registry keys are passed as arguments to a
system call.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.2 CVE: CVE-2010-0024
Platform: Windows
Title: Microsoft Windows SMTP Server MX Record Denial of Service
Description: Microsoft Windows Simple Mail Transfer Protocol is
an email transport service included in email services and Microsoft
Internet Information Services. Microsoft Windows Simple Mail
Transfer Protocol Server is exposed to a denial of service
issue that occurs when handling a specially crafted Domain Name Server
Mail Exchange resource record.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
______________________________________________________________________
10.16.3 CVE: CVE-2010-0235
Platform: Windows
Title: Microsoft Windows Kernel Symbolic Link Local Denial of Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. This issue occurs because the
kernel may handle symbolic links in an unsafe manner. Attackers can
exploit this issue to cause affected computers to become unresponsive
and restart, causing a denial of service.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.4 CVE: CVE-2010-0269
Platform: Windows
Title: Microsoft Windows SMB Client Memory Allocation Remote Code
Execution
Description: Microsoft Windows is exposed to a remote code execution
issue in the Server Message Block (SMB) protocol implementation.
Specifically, the SMB client fails to properly allocate memory when
handling a crafted response from an SMB server. This can lead to
memory corruption.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
______________________________________________________________________
10.16.5 CVE: CVE-2010-0238
Platform: Windows
Title: Microsoft Windows Kernel Invalid Registry Key Local Denial of
Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. Specifically, the kernel fails
to properly validate registry keys.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.6 CVE: CVE-2010-0481
Platform: Windows
Title: Microsoft Windows Kernel Virtual Path Local Denial of Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. Specifically, the kernel fails
to properly resolve the real path of a registry key from its actual
path.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.7 CVE: CVE-2010-0482
Platform: Windows
Title: Microsoft Windows Kernel Image File Relocation Local Denial of
Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. Specifically, the kernel fails
to properly validate the relocation section of a crafted disk image
file.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.8 CVE: CVE-2010-0810
Platform: Windows
Title: Microsoft Windows Kernel Exception Handling Local Denial of
Service
Description: Microsoft Windows is exposed to a local denial of service
issue that affects the Windows kernel. This issue is due to an
unspecified error in exception handling.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.9 CVE: CVE-2010-0236
Platform: Windows
Title: Microsoft Windows Kernel Registry Key Symbolic Link Local
Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. Specifically,
memory may not be properly allocated when a symbolic link is extracted
from a registry key.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.10 CVE: CVE-2010-0237
Platform: Windows
Title: Microsoft Windows Kernel Symbolic Link Creation Local Privilege
Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. Specifically, the
kernel fails to properly restrict the creation of symbolic links
between trusted and untrusted registry hives.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
______________________________________________________________________
10.16.11 CVE: CVE-2010-0486
Platform: Windows
Title: Microsoft Windows Authenticode Signature Verification Remote
Code Execution
Description: Microsoft Windows Authenticode Signature Verification is
an application that performs a trust verification action on a
specified object. Microsoft Windows Authenticode Signature
Verification is exposed to a remote code execution issue that occurs
because the application omits certain fields from the file digest
when signing or verifying Portable Executable or cabinet files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
______________________________________________________________________
10.16.12 CVE: CVE-2010-0487
Platform: Windows
Title: Microsoft Windows Cabinet File Viewer Cabview Validation Remote
Code Execution
Description: Microsoft Windows Cabinet File Viewer is a shell
extension that handles cabinet files in the Windows operating system.
The application allows users to view, open, browse, and extract
cabinet files. Microsoft Windows Cabinet File Viewer is exposed to a
remote code execution issue that occurs because the application omits
fields from the file digest when viewing a signed cabinet (.cab)
file.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
______________________________________________________________________
10.16.13 CVE: CVE-2010-0268
Platform: Windows
Title: Microsoft Windows Media Player ActiveX Control Remote Code
Execution
Description: Microsoft Windows Media Player is a multimedia
application available for the Windows operating system. The Microsoft
Windows Media Player ActiveX control is exposed to a remote code
execution issue when handling specially crafted media content. The
issue affects Windows Media Player 9 on supported editions of
Microsoft Windows 2000 and Windows XP.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx
______________________________________________________________________
10.16.14 CVE: CVE-2010-0812
Platform: Windows
Title: Microsoft Windows ISATAP Component IPv6 Address Spoofing
Description: ISATAP (Intra-Site Automatic Tunnel Addressing Protocol)
is a tunneling protocol that provides IPv6 connectivity using an
existing IPv4 infrastructure. Microsoft Windows is exposed to a
spoofing issue that affects the ISATAP component in the Microsoft
Windows IPv6 stack. The issue stems from the way Windows checks the
inner packet's IPv6 source address in a tunneled ISATAP packet; it can
allow attackers to impersonate a source address. The issue affects
Windows XP, Windows Server 2003, Windows Vista, and Windows Server
2008.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx
______________________________________________________________________
10.16.15 CVE: CVE-2010-0025
Platform: Windows
Title: Microsoft Windows SMTP Server Memory Allocation Information
Disclosure
Description: Microsoft Windows Simple Mail Transfer Protocol (SMTP) is
an email transport service included in email services and Microsoft
Internet Information Services. Microsoft Windows SMTP Server is
exposed to an information disclosure issue that occurs because the
application fails to properly allocate memory when interpreting SMTP
command responses.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
______________________________________________________________________
10.16.16 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Visio Attribute Validation Memory Corruption Remote
Code Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. Visio is exposed to a
remote code execution issue. The software fails to properly validate
attributes when parsing specially crafted Visio files, which may
result in memory corruption.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx
______________________________________________________________________
10.16.17 CVE: CVE-2010-0256
Platform: Other Microsoft Products
Title: Microsoft Visio Index Calculation Memory Corruption Remote Code
Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. Visio is exposed to a
remote code execution issue. The software fails to properly calculate
indexes when parsing specially crafted Visio files, which may result
in memory corruption.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx
______________________________________________________________________
10.16.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystems Ichitaro Font Information Processing Remote Code
Execution
Description: Ichitaro is a word processor available for Microsoft
Windows. The application is exposed to a remote code execution issue.
Specifically, the issue occurs when processing the font information
from a specially crafted document. Ichitaro versions 2010 and earlier
are affected.
Ref: http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-springs-japan
______________________________________________________________________
10.16.19 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinSoftMagic Photo Editor PNG File Buffer Overflow
Description: WinSoftMagic Photo Editor is an image editing application
for Windows. WinSoftMagic Photo Editor is exposed to a remote buffer
overflow issue because it fails to adequately bounds check
user-supplied data before copying it to an insufficiently sized memory
buffer. Specifically, this issue occurs in the application's handling
of PNG files.
Ref: http://www.securityfocus.com/bid/39354
______________________________________________________________________
10.16.20 CVE: CVE-2010-0500
Platform: Mac Os
Title: Apple Mac OS X Firewall Blacklist Denial of Service
Description: Apple Mac OS X is exposed to a remote denial of service
issue because it fails to properly sanitize user-supplied input.
Specifically, resolved DNS names are not properly escaped when
performing reverse DNS lookups on remote SSH clients that fail to
authenticate. Mac OS X version 10.5.8; Mac OS X Server version
10.5.8; Mac OS X versions 10.6 through 10.6.2 and Mac OS X Server
versions 10.6 through 10.6.2 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.21 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X Mail Rule Association Data Integrity Security
Description: Mail is an email client application for Mac OS X. Apple
Mac OS X is exposed to a security issue in the Mail component that
will compromise data integrity. This issue occurs because user-defined
filter rules remain active when a mail account is deleted. An attacker
can exploit this issue to perform unauthorized actions.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.22 CVE: CVE-2010-0510
Platform: Mac Os
Title: Apple Mac OS X Password Server Outdated Password Security
Bypass
Description: Apple Mac OS X is exposed to a security bypass issue that
occurs in the Password Server component. This issue occurs because
the application fails to properly replicate passwords. Remote
attackers can exploit this issue to gain unauthorized access to the
affected computer by using outdated passwords.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.23 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X SFLServer Local Privilege Escalation
Description: Apple Mac OS X is exposed to a local privilege escalation
issue in the OS Services component. Specifically, the "SFLServer"
application runs as a member of the "wheel" group, and accesses files
in users' home directories in an unsafe manner. Mac OS X version 10.5.8,
Mac OS X Server version 10.5.8, Mac OS X versions 10.6 through 10.6.2
and Mac OS X Server versions 10.6 through 10.6.2 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.24 CVE: CVE-2010-0506
Platform: Mac Os
Title: Apple Mac OS X Image RAW Component NEF File Remote Buffer
Overflow
Description: Apple Mac OS X is exposed to a buffer overflow issue
because it fails to sufficiently validate user-supplied data to the
'Image RAW' component when viewing NEF image files. Mac OS X version 10.5.8
and Mac OS X Server version 10.5.8 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.25 CVE: CVE-2010-0511
Platform: Mac Os
Title: Apple Mac OS X Podcast Producer Access Validation
Description: Podcast Producer is an application for encoding,
publishing, and producing podcasts. Mac OS X is exposed to an access
validation issue because it fails to properly preserve access controls
when a Podcast Composer workflow is overwritten. Mac OS X Server
versions 10.6 through 10.6.2 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.26 CVE: CVE-2010-0525
Platform: Mac Os
Title: Apple Mac OS X Mail Encryption Certificate Selection in
Keychain Security Bypass
Description: Mail is an email client application for Mac OS X. Apple
Mac OS X is exposed to a security bypass issue in Mail. Specifically,
when multiple encryption certificates exist for a recipient in the
keychain, Mail may not select a key intended for encipherment as
determined by the key usage extension. Mac OS X version 10.5.8, Mac
OS X Server version 10.5.8, Mac OS X versions 10.6 through 10.6.2 and
Mac OS X Server versions 10.6 through 10.6.2 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.27 CVE: CVE-2010-0521
Platform: Mac Os
Title: Apple Mac OS X Open Directory Anonymous Access Security Bypass
Description: Apple Mac OS X is exposed to a security bypass issue that
affects Open Directory access. Specifically, the vulnerable
application fails to properly enforce the "Require authenticated
binding between directory and clients" configuration option. Mac OS X
Server version 10.5.8 and Mac OS X Server versions 10.6 prior to
10.6.3 are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.28 CVE: CVE-2010-0523
Platform: Mac Os
Title: Apple Mac OS X Wiki Server File Upload Security Bypass
Description: Wiki Server is a server application for Apple Mac OS X
to host wiki pages. The application is exposed to a security
vulnerability because it fails to adequately restrict file types that
can be uploaded by users. Mac OS X Server versions 10.5.8 and earlier
are affected.
Ref: http://support.apple.com/kb/HT4077
______________________________________________________________________
10.16.29 CVE: CVE-2010-0522
Platform: Mac Os
Title: Apple Mac OS X Server Admin Screen Sharing Security Bypass
Description: Apple Mac OS X is exposed to a security bypass issue that
occurs in the Server Admin component. This issue occurs because the
application fails to properly handle administrator's privileges.
Ref: http://www.securityfocus.com/bid/39290
______________________________________________________________________
10.16.30 CVE: CVE-2010-0534
Platform: Mac Os
Title: Apple Mac OS X Wiki Server Weblog SACL Security Bypass
Description: Apple Mac OS X is exposed to a security bypass issue in
the Wiki Server component. This issue occurs because the application
fails to properly enforce service access control lists when a
user creates a weblog. Mac OS X and Mac OS X Server versions 10.6
through 10.6.2 are affected.
Ref: http://www.securityfocus.com/bid/39291
______________________________________________________________________
10.16.31 CVE: CVE-2010-0502
Platform: Mac Os
Title: Apple Mac OS X iChat Server Logging Security Bypass
Description: Apple iChat Server is an instant messaging server
included in Apple Mac OS X. iChat Server is exposed to a security
bypass issue affecting configurable group logging. Specifically, this
issue may result in messages not being properly logged by the affected
server. Mac OS X Server version 10.5.8 and Mac OS X Server versions 10.6
prior to 10.6.3 are affected.
Ref: http://www.securityfocus.com/bid/39235
______________________________________________________________________
10.16.32 CVE: CVE-2010-1146
Platform: Linux
Title: Linux Kernel ReiserFS Security Bypass
Description: The Linux kernel is exposed to a security bypass issue
because the ReiserFS file system implementation fails to properly
restrict access to the ".reiserfs_priv" directory that is used to
store extended attributes.
Ref: http://marc.info/?l=linux-kernel&m=127076012022155&w=2
______________________________________________________________________
10.16.33 CVE: Not Available
Platform: Linux
Title: "am-utils" Package "amqsvc_is_client_allowed()" Security Bypass
Description: The "am-utils" package is a part of the BSD automounter
"amd". The application is exposed to a security bypass issue because
of an error in the implementation of TCP wrappers. Specifically, the
"amqsvc_is_client_allowed" function in the "amq_svc.c" source code
file does not properly handle certain "host." rules. "am-utils"
version 6.1.5 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=566711
______________________________________________________________________
10.16.34 CVE: Not Available
Platform: Cross Platform
Title: Virata EmWeb URI Remote Denial Of Service
Description: Virata EmWeb is an embedded interface application for
network devices. Virata EmWeb software can be found in multiple
printers and DSL modems. The application is exposed to a remote denial
of service issue because it fails to handle specially crafted URI
data. Specifically, attackers can trigger this issue by sending a URI
of 512 bytes to a device running a vulnerable version of the
application. Virata EmWeb version R6.0.1 is affected.
Ref: http://www.exploit-db.com/exploits/12095
______________________________________________________________________
10.16.35 CVE: CVE-2010-1149
Platform: Cross Platform
Title: udisks "probers/udisks-dm-export.c" Local Information
Disclosure
Description: udisks provides a daemon, D-Bus API and command line
tools for managing disks and storage devices. udisks is exposed to an
information disclosure issue because the application discloses
encryption keys when exporting the device mapper table data to udev.
Specifically, the issue occurs in the "probers/udisks-dm-export.c"
file. udisks version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/39265
______________________________________________________________________
10.16.36 CVE: Not Available
Platform: Cross Platform
Title: abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities
Description: abcm2ps is a command line ABC to PostScript music sheet
converter implemented in C. The application is exposed to multiple
security issues: three buffer overflow issues, two local information
disclosure issues, and a PostScript injection issue.
abcm2ps versions prior to 5.9.12 are affected.
Ref: http://osdir.com/ml/wikibugs-l/2010-03/msg01789.html
______________________________________________________________________
10.16.37 CVE: Not Available
Platform: Cross Platform
Title: AnyZip ZIP File Remote Buffer Overflow
Description: AnyZip is a file compression/extraction application. The
application is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied data. The
vulnerability occurs when handling specially crafted ZIP files. AnyZip
version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/39287
______________________________________________________________________
10.16.38 CVE: CVE-2010-0055
Platform: Cross Platform
Title: xar Package Signature Validation Remote Security Bypass
Description: xar (eXtensible ARchiver) is an archiving application.
xar is exposed to a security bypass issue because it fails to properly
verify signatures. Specifically, the "xar_open()" function and the
"xar_signature_copy_signed_data()" function may use different offsets
to locate an archive's checksum when validating the signature. xar
versions prior to 1.5.3 are affected.
Ref: http://code.google.com/p/xar/issues/detail?id=73#c0
______________________________________________________________________
10.16.39 CVE: CVE-2010-1122
Platform: Cross Platform
Title: Mozilla Firefox Remote Memory Corruption
Description: Mozilla Firefox is a browser available for various
platforms. The application is exposed to a remote memory corruption
issue that stems from an unspecified error. This issue may be related
to the handling of compressed data; however, this has not been
confirmed. Mozilla Firefox versions 3.5 through 3.5.8 are affected.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=555139
______________________________________________________________________
10.16.40 CVE: CVE-2010-1182
Platform: Cross Platform
Title: IBM WebSphere Application Server for z/OS Admin Console
Unspecified Security Vulnerabilities
Description: IBM WebSphere Application Server is a web server.
The application is exposed to multiple issues that affect the
Administrative Console. IBM WebSphere Application Server for
z/OS versions prior to 7.0.0.9 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161
______________________________________________________________________
10.16.41 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Portal Login Unspecified Security
Description: IBM WebSphere Application Server is a web server.
IBM WebSphere Portal is exposed to an unspecified issue that affects
the login process. IBM WebSphere Portal version 6.1.0.2 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667
______________________________________________________________________
10.16.42 CVE: Not Available
Platform: Cross Platform
Title: IBM Systems Director Agent Insecure File Permissions
Vulnerabilities
Description: IBM Director Agent is an application used to view,
monitor and control systems from its Web interface.
IBM Director Agent is exposed to a security issue because it sets
insecure file permissions. Specifically, the "diruninstall" and
"wcitinst" scripts are set to world executable permission. IBM Systems
Director Agent version 6.1.2 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1PM08236
______________________________________________________________________
10.16.43 CVE: CVE-2010-1238
Platform: Cross Platform
Title: MoinMoin "TextCha" Protection Security Bypass
Description: MoinMoin is a freely available, open source wiki written
in Python. It is available for UNIX and Linux platforms. TextCha is a
variety of CAPTCHA (Completely Automated Public Turing test to tell
Computers and Humans Apart) based on text-based questions. MoinMoin is
exposed to a security bypass issue that affects the "TextCha" feature.
MoinMoin version 1.7.1 is affected.
Ref: http://www.securityfocus.com/bid/39327
______________________________________________________________________
10.16.44 CVE: Not Available
Platform: Cross Platform
Title: Jzip ZIP File Remote Buffer Overflow
Description: Jzip is a file compression/extraction application. The
application is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied data. The
vulnerability occurs when handling specially crafted ZIP files. Jzip
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/39326
______________________________________________________________________
10.16.45 CVE: Not Available
Platform: Cross Platform
Title: AjaXplorer Remote Command Injection and Local File Disclosure
Vulnerabilities
Description: AjaXplorer is a remote file management application. The
application is exposed to multiple issues: a command injection issue
because it fails to adequately sanitize user-supplied input data, and a
local file disclosure issue because it fails to adequately sanitize
user-supplied input data. AjaXplorer versions prior to 2.6 are
affected.
Ref:
http://www.ajaxplorer.info/wordpress/2010/04/ajaxplorer-2-6-security-ajaxplorer-2-7-1-early-beta-for-3-0/
______________________________________________________________________
10.16.46 CVE: CVE-2009-1564, CVE-2009-1565, CVE-2010-1141,
CVE-2010-1140, CVE-2009-3732, CVE-2009-3707, CVE-2010-1138,
CVE-2010-1139, CVE-2010-1142
Platform: Cross Platform
Title: VMware Hosted Products VMSA-2010-0007 Multiple Remote
Vulnerabilities
Description: VMware hosted products are exposed to multiple remote
issues. A remote arbitrary code execution issue exists in VMware
Tools in the way VMware libraries are referenced. A privilege
escalation issue exists in VMware Tools that may allow a local
attacker to execute arbitrary code with the privileges of another
user. A privilege escalation issue exists in the USB service. Multiple
heap-based buffer overflow issues in VMware VMnc Codec may result in
arbitrary code execution. A format string issue in the VMware
Remote Console (VMrc) may result in arbitrary code execution. A
remote denial of service issue exists in "vmware-authd". An information
disclosure issue exists in the virtual networking stack of VMware
hosted products. A format string issue in "vmrun" may result in
arbitrary code execution.
Ref: http://www.securityfocus.com/bid/39345
______________________________________________________________________
10.16.47 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Accela BizSearch Unspecified Search Result Information
Disclosure
Description: Fujitsu Accela BizSearch is exposed to an unspecified
information disclosure issue due to an unspecified error that may
allow attackers to gain access to files through the search results.
eAccela BizSearch version 1.0, eAccela BizSearch version 2.0, eAccela
BizSearch version 2.1, Accela BizSearch version 3.0, Accela BizSearch
version 3.1, IntelligentSearch for WindowsNT 2.0L10 and
IntelligentSearch for WindowsNT 2.0L20 are affected.
Ref: http://www.securityfocus.com/bid/39350
______________________________________________________________________
10.16.48 CVE: Not Available
Platform: Cross Platform
Title: Aladdin eToken PKI Client ETV File Remote Code Execution
Description: Aladdin eToken PKI Client facilitates eToken USB
operations which allow PKI keys and digital certificates to be
generated, stored and used on board a smart card-based eToken device.
The application is exposed to a remote code execution issue that
occurs when handling specially crafted ETV files and likely occurs
because the application fails to perform boundary checks prior to
copying user-supplied data to process buffers. Aladdin eToken PKI
Client version 4.5 is affected.
Ref: http://www.securityfocus.com/bid/39370
______________________________________________________________________
10.16.49 CVE: Not Available
Platform: Cross Platform
Title: F-Secure Multiple Products Scan Evasion Vulnerabilities
Description: F-Secure products provide antivirus protection for
various platforms. Multiple F-Secure products are exposed to issues
that may allow certain compressed archives to bypass the scan engine.
Specifically, the 7Z, GZIP, CAB or RAR archive files may remain
undetected.
Ref:
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html
______________________________________________________________________
10.16.50 CVE: Not Available
Platform: Cross Platform
Title: Irssi Denial of Service and SSL Hostname Verification Security
Bypass Vulnerabilities
Description: Irssi is an IRC client available for multiple operating
systems. Irssi is exposed to multiple remote issues: an unspecified
denial of service issue and a security bypass issue that affects the
hostname of the server when using SSL connections. Irssi versions
prior to 0.8.15 are affected.
Ref: http://www.irssi.org/news
______________________________________________________________________
10.16.51 CVE: CVE-2009-4511, CVE-2009-4510, CVE-2009-4509
Platform: Cross Platform
Title: TANDBERG Video Communication Server Multiple Remote
Vulnerabilities
Description: TANDBERG Video Communication Server is a Linux-based
appliance which supports video communication. The device is exposed to
multiple remote issues. A file disclosure issue affects the
"page" parameter of the "helppage.php" script. A security issue occurs
because the device is deployed with the default DSA key pair
and fails to generate a new key when the device is installed. An
authentication bypass issue affects the "secure.php" script.
Firmware versions prior to TANDBERG Video Communication Server 5.1.1
are affected.
Ref: http://www.securityfocus.com/archive/1/510654
______________________________________________________________________
10.16.52 CVE: CVE-2010-1141
Platform: Cross Platform
Title: VMware Hosted Products VMware Tools Library Reference Remote
Code Execution
Description: Multiple VMware products are exposed to a remote code
execution issue that exists in VMware Tools. This issue occurs because
VMware Tools fails to properly reference certain libraries.
Ref: http://www.securityfocus.com/bid/39392
______________________________________________________________________
10.16.53 CVE: CVE-2010-1142
Platform: Cross Platform
Title: VMware Hosted Products VMware Tools Local Privilege Escalation
Description: Multiple VMware products are exposed to a local privilege
escalation issue that affects VMware Tools. This issue occurs when
handling a malicious executable.
Ref: http://www.securityfocus.com/bid/39394
______________________________________________________________________
10.16.54 CVE: CVE-2010-1138
Platform: Cross Platform
Title: VMware Hosted Products "vmware-vmx" Virtual Network Stack
Information Disclosure
Description: Multiple VMware-hosted products are exposed to an
information disclosure issue in the virtual networking stack.
Ref: http://www.vmware.com/security/advisories/VMSA-2010-0007.html
______________________________________________________________________
10.16.55 CVE: CVE-2009-3732
Platform: Cross Platform
Title: VMware Remote Console "connect" Method Remote Format String
Description: VMware Remote Console is a browser plugin available for
Microsoft Internet Explorer and Mozilla Firefox. It provides remote
access to virtual machines. The plugin is exposed to a remote format
string issue because it fails to sufficiently sanitize user-supplied
input to the "host" parameter of the "connect" method provided by the
plugin.
Ref: http://dsecrg.com/pages/vul/show.php?id=153
______________________________________________________________________
10.16.56 CVE: Not Available
Platform: Cross Platform
Title: Trend Micro Internet Security Toolbar Denial of Service
Description: Trend Micro Internet Security is a security application.
It ships with the Trend Micro Toolbar for Mozilla Firefox and
Microsoft Internet Explorer. Trend Micro Internet Security is exposed
to a denial of service issue that affects the Trend Micro Toolbar
plugin when processing overly long URIs. Trend Micro Toolbar version
1.6.0 running in Microsoft Internet Explorer 8 and Mozilla Firefox
3.6.3 is affected.
Ref: http://krebsonsecurity.com/2010/04/trendmicro-toolbar-long-url-fail/
______________________________________________________________________
10.16.57 CVE: CVE-2010-1139
Platform: Cross Platform
Title: VMware "vmrun" Local Privilege Escalation
Description: Multiple VMware products are exposed to a local privilege
escalation issue that arises due to a format string issue in the
"vmrun" application. An attacker may exploit this issue by crafting a
malicious process on a vulnerable computer and waiting for a user to
run "vmrun" and list processes. VMware VIX API, Workstation, Player,
Server, and Fusion are affected.
Ref: http://www.securityfocus.com/bid/39407
______________________________________________________________________
10.16.58 CVE: CVE-2010-0195
Platform: Cross Platform
Title: Adobe Acrobat and Reader Embedded Font Handling Remote Code
Execution
Description: Adobe Reader and Acrobat are applications for handling PDF
files. Adobe Acrobat and Reader are exposed to a remote code execution
issue that occurs when processing embedded font data contained in a
crafted PDF document. Affected versions: Adobe Reader 9.3.1 and prior
for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and prior for
Windows and Macintosh; Adobe Reader 8.2.1 and prior for Windows and
Macintosh; Acrobat 8.2.1 and prior for Windows and Macintosh.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html
______________________________________________________________________
10.16.59 CVE: CVE-2010-0852
Platform: Cross Platform
Title: Oracle Database Remote XML DB
Description: Oracle Database is exposed to a remote issue in XML DB.
The issue can be exploited over the "Oracle Net" protocol. For an
exploit to succeed, the attacker must have "Create Session" privileges.
This vulnerability affects the following supported versions: 9.2.0.8,
9.2.0.8DV, 10.1.0.5 and 10.2.0.3.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.60 CVE: CVE-2010-0870
Platform: Cross Platform
Title: Oracle Database Remote Change Data Capture
Description: Oracle Database is exposed to a remote issue in Change
Data Capture. The issue can be exploited over the "Oracle Net"
protocol. For an exploit to succeed, the attacker must have "Execute
on SYS.DBMS_CDC_PUBLISH" privileges. The issue affects the following
supported versions: 9.2.0.8 and 9.2.0.8DV.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.61 CVE: CVE-2010-0868
Platform: Cross Platform
Title: Oracle E-Business Suite Oracle iStore Remote
Description: The Oracle E-Business Suite is exposed to a remote issue
in Oracle iStore. The issue can be exploited over the "HTTP" protocol.
An attacker does not require privileges to exploit this issue. This
issue affects the following supported versions: 11.5.10.2, 12.0.6 and 12.1.2.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.62 CVE: CVE-2010-0880
Platform: Cross Platform
Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
PeopleTools
Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
are exposed to a remote issue in PeopleTools. The issue can be
exploited over the "HTTP" protocol. This issue affects the following
supported versions: 8.49.26 and 8.50.07.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.63 CVE: CVE-2010-0861
Platform: Cross Platform
Title: Oracle E-Business Suite Oracle HRMS (Self Service) Remote
Description: Oracle E-Business Suite is exposed to a remote issue in
Oracle HRMS (Self Service). The issue can be exploited over the "HTTP"
protocol. This issue affects the following supported versions:
11.5.10.2, 12.0.6 and 12.1.2.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.64 CVE: CVE-2010-0867
Platform: Cross Platform
Title: Oracle Database Remote JavaVM
Description: Oracle Database is exposed to a remote issue in JavaVM.
The issue can be exploited over the "Oracle Net" protocol. For an
exploit to succeed, the attacker must have "Create Session" privileges.
This vulnerability affects the following supported versions: 10.2.0.4,
11.1.0.7 and 11.2.0.1.0.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.65 CVE: CVE-2010-0854
Platform: Cross Platform
Title: Oracle Database Remote Audit
Description: Oracle Database is exposed to a remote issue in Audit.
The issue can be exploited over the "Oracle Net" protocol. For an
exploit to succeed, the attacker must have "SELECT, INSERT or DELETE
on tables subject to auditing" privileges. This issue affects the
following supported versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 and 11.1.0.7.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.66 CVE: CVE-2010-0877
Platform: Cross Platform
Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
PeopleTools
Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
are exposed to a remote issue in PeopleTools. The issue can be
exploited over the "HTTP" protocol. This vulnerability affects the
following supported versions: 8.49.26 and 8.50.07.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.67 CVE: CVE-2010-0865
Platform: Cross Platform
Title: Oracle E-Business Suite Oracle Agile Engineering Data
Management Remote
Description: Oracle E-Business Suite is exposed to a remote issue in
Oracle Agile Engineering Data Management. The issue can be exploited
over the "HTTP" protocol. This vulnerability affects the following
supported versions: 6.1.1.0.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.68 CVE: CVE-2010-0857
Platform: Cross Platform
Title: Oracle E-Business Suite Remote Oracle Workflow Cartridge
Description: Oracle E-Business Suite is exposed to a remote issue in
Oracle Workflow Cartridge. This vulnerability affects the following
supported versions: 11.5.10.2.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.69 CVE: CVE-2010-0878
Platform: Cross Platform
Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
PeopleTools
Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
are exposed to a remote issue in PeopleTools. For an exploit to succeed, the
attacker must have "Valid Session" privileges. This vulnerability
affects the following supported versions: 8.49.26 and 8.50.07.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.70 CVE: CVE-2010-0086
Platform: Cross Platform
Title: Oracle Fusion Middleware Remote Portal
Description: Oracle Fusion Middleware is exposed to a remote issue in
Portal. The issue can be exploited over the "HTTP" protocol. This
vulnerability affects the following supported versions: 10.1.2.3.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.71 CVE: CVE-2010-0871
Platform: Cross Platform
Title: Oracle E-Business Suite Oracle Application Object Library
Remote
Description: Oracle E-Business Suite is prone to a remote vulnerability
in Oracle Application Object Library. The issue can be exploited over
the "HTTP" protocol. Oracle E-Business Suite versions 11.5.10.2, 12.0.6,
and 12.1.2 are affected.
Ref:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
______________________________________________________________________
10.16.72 CVE: CVE-2010-0194
Platform: Cross Platform
Title: Adobe Acrobat and Reader X3D Component Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF
files. Adobe Acrobat and Reader are exposed to a remote code execution
issue that occurs due to a memory corruption in the "3difr.x3d" X3D
component when displaying 3D content.
Affected versions: Adobe Reader 9.3.1 and prior for Windows, Macintosh,
and UNIX; Adobe Acrobat 9.3.1 and prior for Windows and Macintosh; Adobe
Reader 8.2.1 and prior for Windows and Macintosh; Acrobat 8.2.1 and
prior for Windows and Macintosh.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html
______________________________________________________________________
10.16.73 CVE: CVE-2010-1241
Platform: Cross Platform
Title: Adobe Acrobat and Reader "CoolType.dll" Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF
files. Adobe Acrobat and Reader are exposed to a remote code execution
issue. Specifically, the issue occurs due to a heap-based buffer
overflow in the "CoolType.dll" component.
Affected versions: Adobe Reader 9.3.1 and prior for Windows, Macintosh,
and UNIX; Adobe Acrobat 9.3.1 and prior for Windows and Macintosh; Adobe
Reader 8.2.1 and prior for Windows and Macintosh; Acrobat 8.2.1 and
prior for Windows and Macintosh.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html
______________________________________________________________________
10.16.74 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Internationalization Module Cross-Site Scripting
Vulnerabilities
Description: The Internationalization module for Drupal gives sites
the ability to localize content. The module is exposed to multiple
unspecified cross-site scripting issues because it fails to properly
sanitize user-supplied input related to user-defined strings being
translated with the module.
Ref: http://drupal.org/node/764998
______________________________________________________________________
10.16.75 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Istgah For Centerhost "view_ad.php" Cross-Site Scripting
Description: Istgah for Centerhost is an application for managing website
advertisements. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input.
Specifically, the "id" parameter of the "view_ad.php" script is
vulnerable.
Ref: http://www.securityfocus.com/bid/39330
______________________________________________________________________
10.16.76 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Almas Compiere Unspecified Cross-Site Scripting
Description: Almas Compiere is an enterprise resource planning
application implemented in JSP. The application is exposed to an
unspecified cross-site scripting issue because it fails to sanitize
user-supplied input. Compiere version J300_A02 is affected.
Ref: http://jvn.jp/en/jp/JVN57963254/index.html
______________________________________________________________________
10.16.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MODx Evolution Cross-Site Scripting and SQL Injection
Vulnerabilities
Description: MODx Evolution is a PHP-based content management
application. The application is exposed to multiple issues because it
fails to sanitize user-supplied input. A cross-site scripting issue exists in
the SearchHighlight plugin. An SQL injection issue exists in WebLogin. MODx
Evolution versions prior to 1.0.3 are affected.
Ref: http://jvn.jp/en/jp/JVN19774883/index.html
______________________________________________________________________
10.16.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Gallery "cid" Parameter SQL Injection
Description: Simple Gallery is a PHP-based image gallery application.
Simple Gallery is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/39358
______________________________________________________________________
10.16.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: xbtit "functions.php" SQL Injection
Description: xbtit is a tracking system for BitTorrent. It is
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "uid" parameter of the "functions.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/39372
______________________________________________________________________
10.16.80 CVE: Not Available
Platform: Web Application
Title: MediaWiki Cross-Site Request Forgery
Description: MediaWiki is a PHP-based wiki application. MediaWiki is
exposed to a cross-site request forgery issue that occurs because the
application allows attackers to perform certain actions using an HTTP
request, without validating the request. MediaWiki versions prior to
1.15.3 are affected.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
______________________________________________________________________
10.16.81 CVE: Not Available
Platform: Web Application
Title: PotatoNews "nid" Parameter Multiple Local File Include Vulnerabilities
Description: PotatoNews is a PHP-based application for authoring news.
The application is exposed to local file include issues because it
fails to properly sanitize user-supplied input to the "nid" parameter
of the following scripts: "newcopy/timeago.php" and
"update/timeago.php". PotatoNews version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/39276
______________________________________________________________________
10.16.82 CVE: Not Available
Platform: Web Application
Title: FreePHPWebsiteSoftware "default_theme.php" Remote File Include
Description: FreePHPWebsiteSoftware is a PHP-based web application.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the "phpincdir"
parameter of the "default_theme.php" script. FreePHPWebsiteSoftware
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/39280
______________________________________________________________________
10.16.83 CVE: Not Available
Platform: Web Application
Title: vel File Uploader Remote File Upload
Description: vel File Uploader is a PHP-based file upload application.
The application is exposed to a remote file upload issue because it
fails to sufficiently sanitize user-supplied input to the upload
feature of the application. vel File Uploader version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/39294
______________________________________________________________________
10.16.84 CVE: Not Available
Platform: Web Application
Title: n-cms-equipe Multiple Local File Include Vulnerabilities
Description: n-cms-equipe is a PHP-based application for content
management. The application is exposed to local file include issues
because it fails to properly sanitize user-supplied input to the
following scripts and parameters: "body.php": "page" and
"includs.php": "tData[name]". n-cms-equipe version 1.1C-Debug is
affected.
Ref: http://www.securityfocus.com/bid/39298
______________________________________________________________________
10.16.85 CVE: Not Available
Platform: Web Application
Title: Plume CMS Multiple Local File Include Vulnerabilities
Description: Plume CMS is a PHP-based application for content
management. The application is exposed to local file include issues
because it fails to properly sanitize user-supplied input. Plume CMS
version 1.2.4 is affected.
Ref: http://www.securityfocus.com/bid/39299
______________________________________________________________________
10.16.86 CVE: Not Available
Platform: Web Application
Title: Drupal Views Module Cross-Site Scripting and PHP Code Injection
Vulnerabilities
Description: Views is a module for the Drupal content manager. The module
provides a flexible method for Drupal site designers to control how
lists and tables of content are presented. The application is exposed
to multiple issues. Multiple cross-site scripting issues affect
certain unspecified parameters that are used in an Ajax callback
request. A cross-site scripting issue occurs due to improper
validation of file descriptions. A PHP code injection issue exists
in the application that can be exploited by users with "Administer
views" permissions via the views import feature. Views versions prior
to 5.x-1.7 and 6.x-2.9 are affected.
Ref: http://drupal.org/node/765022
______________________________________________________________________
10.16.87 CVE: Not Available
Platform: Web Application
Title: TCPDF "params" Attribute Remote Code Execution Weakness
Description: TCPDF is a PHP class for generating PDF documents. TCPDF
is exposed to a security weakness that may allow attackers to execute
arbitrary code. This issue occurs when parsing a callback element.
Specifically, the application fails to sanitize user-supplied input to
the "param" attributes in an "eval()" statement located in the
"tcpdf.php" script. TCPDF versions prior to 4.9.006 are affected.
Ref: http://www.securityfocus.com/archive/1/510592
______________________________________________________________________
10.16.88 CVE: Not Available
Platform: Web Application
Title: Smileys Module For Drupal Delete URI Cross-Site Request Forgery
Description: Smileys is an emoticon module for the Drupal content
manager. Smileys is exposed to a cross-site request forgery issue that
affects the delete smileys URI. Smileys versions prior to 5.x-1.2
and Smileys versions 6.x-1.0-alpha5 and earlier are affected.
Ref: http://drupal.org/node/765000
______________________________________________________________________
10.16.89 CVE: Not Available
Platform: Web Application
Title: AWD Solution AWDwall Component for Joomla! "controller"
Parameter Local File Include
Description: AWD Solution AWDwall is a component for the Joomla!
content manager. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"controller" parameter of the "com_awdwall" component. AWDwall version
1.5.4 is affected.
Ref: http://www.securityfocus.com/bid/39331
______________________________________________________________________
10.16.90 CVE: Not Available
Platform: Web Application
Title: givesight PowerMail Pro Component for Joomla! Local File
Include
Description: The PowerMail Pro (com_powermail) application is a mail
component for the Joomla! content manager. The component is exposed to
a local file include issue because it fails to properly sanitize
user-supplied input to the "controller" parameter of the
"com_powermail" component. PowerMail Pro version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/39348
______________________________________________________________________
10.16.91 CVE: Not Available
Platform: Web Application
Title: Nodesforum Multiple Remote File Include Vulnerabilities
Description: Nodesforum is a web-based application developed in PHP.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input to the
following scripts and parameters:
"erase_user_data.php":"_nodesforum_path_from_here_to_nodesforum_folder"
and "pre_output.php":"_nodesforum_code_path". Nodesforum version 1.033
is affected.
Ref: http://www.securityfocus.com/bid/39359
______________________________________________________________________
10.16.92 CVE: Not Available
Platform: Web Application
Title: JProject Manager Joomla! Component "controller" Parameter Local
File Include
Description: JProject Manager is a project management component for
the Joomla! content manager. JProject Manager is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "controller" parameter. JProject Manager version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/39383
______________________________________________________________________
10.16.93 CVE: Not Available
Platform: Web Application
Title: AlphaUserPoints Joomla! Component "view" Parameter Local File
Include
Description: AlphaUserPoints is a PHP-based component for the Joomla!
content manager. AlphaUserPoints is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"view" parameter of the "com_alphauserpoints" component before using
it in an SQL query. AlphaUserPoints version 1.5.5 is affected.
Ref: http://www.securityfocus.com/bid/39393
______________________________________________________________________
10.16.94 CVE: Not Available
Platform: Web Application
Title: MyBB "set_common_header()" Email BCC Header Injection
Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board
application. MyBB is exposed to an issue that may allow attackers to
inject arbitrary BCC headers into emails sent to MyBB users. This
issue results from a lack of input validation and arises in the
"set_common_header()" method. MyBB versions prior to 1.4.12 are
affected.
Ref:
http://www.sektioneins.com/en/advisories/advisory-012010-mybb-password-reset-email-bcc-injection-vulnerability/
______________________________________________________________________
10.16.95 CVE: Not Available
Platform: Web Application
Title: MyBB Insecure Random Password Generation
Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board
application. MyBB is exposed to an insecure random password generation
issue that arises due to a design error because the application uses a
limited number of seed values when generating passwords. MyBB versions
prior to 1.4.12 are affected.
Ref:
http://www.sektioneins.com/en/advisories/advisory-022010-mybb-password-reset-weak-random-numbers-vulnerability/
______________________________________________________________________
10.16.96 CVE: CVE-2010-0993
Platform: Web Application
Title: Pulse CMS Arbitrary File Upload
Description: Pulse CMS is a PHP-based web application. The application
is exposed to an issue that lets attackers upload arbitrary files
because it fails to adequately sanitize user-supplied files before
uploading them onto the web server. Pulse CMS versions prior to 1.2.4
are affected.
Ref: http://secunia.com/secunia_research/2010-47/
______________________________________________________________________
10.16.97 CVE: Not Available
Platform: Web Application
Title: Blog System Multiple Input Validation Vulnerabilities
Description: Blog System is a PHP-based blogging application. The
application is exposed to multiple issues. A local file-include
issue affects the "action" parameter of the "admin/index.php"
script. Multiple SQL injection issues affect the "username" and
"password" fields of the "index.php" script. A cross-site scripting
issue affects the "action" parameter of the "admin/index.php"
script. Blog System versions 1.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/39406
______________________________________________________________________
10.16.98 CVE: Not Available
Platform: Web Application
Title: FusionForge Multiple Remote File Include Vulnerabilities
Description: FusionForge is a web-based application developed in PHP.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/39411
______________________________________________________________________
10.16.99 CVE: Not Available
Platform: Web Application
Title: openUrgence Vaccin Multiple Local and Remote File Include
Vulnerabilities
Description: openUrgence Vaccin is a web-based emergency response
application. The application is exposed to multiple input validation
issues. An attacker can exploit these issues to obtain sensitive
information or execute malicious PHP code in the context of the
web server process. openUrgence Vaccin version 1.03 is affected.
Ref: http://www.securityfocus.com/bid/39412
______________________________________________________________________
10.16.100 CVE: Not Available
Platform: Web Application
Title: openMairie openMaincourante Local and Remote File Include
Vulnerabilities
Description: openMairie openMaincourante is a web-based emergency
response application implemented in PHP. The application is exposed
to multiple input validation issues. An attacker can exploit these
issues to obtain sensitive information or execute malicious PHP code
in the context of the web server process. openMairie openMaincourante
1.01beta is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/39413
______________________________________________________________________
10.16.101 CVE: Not Available
Platform: Web Application
Title: Vana CMS "filename" Parameter Remote File Download
Description: Vana CMS is a content management application implemented
in PHP. The application is exposed to an issue that lets attackers
download arbitrary files. The issue occurs because the application
fails to sufficiently sanitize user-supplied input to the "filename"
parameter of the "download.php" script.
Ref: http://www.securityfocus.com/bid/39415
______________________________________________________________________
10.16.102 CVE: Not Available
Platform: Network Device
Title: Edimax AR-7084gA Wireless ADSL Router Cross-Site Request
Forgery
Description: The Edimax AR-7084gA wireless ADSL router is exposed to a
cross-site request forgery issue. The appliance allows users to
perform HTTP requests without performing sufficient validity checks.
Specifically, the "/Forms/adv_nat_virsvr_1" script is affected. Edimax
AR-7084gA running firmware version 2.9.8.1 is affected.
Ref: http://www.securityfocus.com/bid/39349
______________________________________________________________________
10.16.103 CVE: CVE-2010-1140
Platform: Network Device
Title: VMware Hosted Products USB Service Local Privilege Escalation
Description: Multiple VMware products are exposed to a local privilege
escalation issue that affects the USB service. This issue occurs when
handling a malicious executable.
Ref: http://www.securityfocus.com/bid/39397
______________________________________________________________________
(c) 2010. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkvHzVsACgkQ+LUG5KFpTkYcjgCgmVkPD4izHU9T1LTnuxeTWv0O
w+sAnitxKMVSaKkAHn6qpmZz8PKU86pY
=EwCm
-----END PGP SIGNATURE-----