RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 35
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert
sans.org)
Date: Thu Aug 26 2010 - 18:32:45 CDT
******************************************************************
RISK: The Consensus Security Vulnerability Alert
August 26th, 2010 Vol. 9. Week 35
******************************************************************
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Third Party Windows Apps                  3
Linux                                     4
BSD                                       1
Cross Platform                            9 (#1,#2)
Web Application - Cross Site Scripting    6
Web Application - SQL Injection           1
Web Application                           7
Network Device                            2
*********************** Sponsored By SANS ************************
SANS introduces two new free whitepaper resources written by Dave
Shackleford:
McAfee Total Protection for Server Review - http://www.sans.org/info/64078
A Guide to Virtualization Hardening Guides - http://www.sans.org/info/64083
Visit our reading room often for free resources!
http://www.sans.org/info/64088
******************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569).
How do you fight off malware when you have thousands of hosts?
Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10):
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid
-- SANS Virginia Beach 2010, August 29-September 3, 2010
9 courses. Bonus evening presentations include Future Trends in
Network Security; Hack Back! The Advanced Persistent Threat; and
Securing the Human.
http://www.sans.org/virginia-beach-2010/
-- SANS Network Security 2010, Las Vegas, September 19-27, 2010
40 courses. Bonus evening presentations include The Return of Command
Line Kung Fu and Cyberwar or Business as Usual? The State of US
Federal CyberSecurity Initiatives
http://www.sans.org/network-security-2010/
-- SOS: SANS October Singapore, October 4-11, 2010
7 courses
http://www.sans.org/singapore-sos-2010/
-- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010
7 courses. Bonus evening presentations include Weaponizing LISP:
Advancing the Art of Network Security
http://www.sans.org/chicago-2010/night.php
-- SANS San Francisco 2010, November 5-12, 2010
7 courses
http://www.sans.org/san-francisco-2010/
-- SANS London 2010, November 27-December 6, 2010
14 courses. Bonus evening presentations include Latest Advances in
Computer Forensics and Continuous Vulnerability Testing and
Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/
-- SANS Cyber Defense Initiative 2010, December 10-17, 2010
24 courses.
http://www.sans.org/cyber-defense-initiative-2010/
-- Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus London, Dubai, Bangalore, San Antonio and Sydney all in the
next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
********************************************************
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Google Chrome Multiple Vulnerabilities
(2) HIGH: Adobe Shockwave Player Code Execution Vulnerabilities
************************* Sponsored Links: ***************
1) The #1 Top Reason that the smart control systems engineers and IT
security people in the critical infrastructure are attending the 2010
European SCADA and Control Systems Security Summit. Users of ABB, GE,
Siemens, and Rockwell control systems will be in on the ground floor of
a coordinated plan for dealing with both of the two most virulent cyber
threats facing your systems. And if you use any other control systems,
you'll come home with a game plan you can discuss with your vendor.
http://www.sans.org/info/64093
********************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
-- Third Party Windows Apps
10.35.1 - Adersoft VbsEdit ".vbs" File Denial Of Service Issue
10.35.2 - UiPlayer "UiCheck.dll" ActiveX Buffer Overflow
10.35.3 - Tuniac ".m3u" File Buffer Overflow
-- Linux
10.35.4 - Red Hat VDSM Module SSL Connection Denial of Service Issue
10.35.5 - Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of Service
10.35.6 - Linux Kernel Controller Area Network Protocol Local Privilege Escalation
10.35.7 - Linux Kernel JFS xattr Namespace Rules Security Bypass Issue
-- BSD
10.35.8 - FreeBSD "setusercontext()" Local Security Bypass Issue
-- Cross Platform
10.35.9 - PHP "ibase_gen_id()" Function off-by-one Buffer Overflow
10.35.10 - Serv-U Denial of Service and Security Bypass Vulnerabilities
10.35.11 - Apple iTunes Log File Insecure File Operation Local Privilege Escalation
10.35.12 - IBM Tivoli Storage Manager FastBack Remote Code Execution and Denial of Service Vulnerabilities
10.35.13 - Google Chrome Multiple Security Vulnerabilities
10.35.14 - Novell iPrint Client Multiple Security Vulnerabilities
10.35.15 - QEMU KVM Multiple Issues
10.35.16 - libHX "HX_split()" Remote Heap-Based Buffer Overflow Issue
10.35.17 - Oracle MySQL "TEMPORARY InnoDB" Tables Denial of Service
-- Web Application - Cross Site Scripting
10.35.18 - LXR Cross Referencer TITLE Element Cross-Site Scripting Issue
10.35.19 - ACCESSGUARDIAN Unspecified Cross-Site Scripting Issue
10.35.20 - Online Work Order Suite Lite Edition Multiple Cross-Site Scripting Vulnerabilities
10.35.21 - Drupal Simplenews Content Selection Module Cross-Site Scripting Issue
10.35.22 - ViArt Helpdesk Multiple Cross-Site Scripting Vulnerabilities
10.35.23 - phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
10.35.24 - PHP City Portal "login.php" Multiple SQL Injection Issues
-- Web Application
10.35.25 - PHPCMS2008 "download.php" Information Disclosure Issue
10.35.26 - Mollify Authentication Bypass Vulnerability and Multiple Information Disclosure Weaknesses
10.35.27 - MAXcms Multiple Remote File Include Issues
10.35.28 - DotNetNuke Syndication Handler Remote Denial of Service Issue
10.35.29 - Netpet CMS "confirm.php" Local File Include
10.35.30 - In-Portal CMS "index.php" Local File Include
10.35.31 - phpMyAdmin Configuration File PHP Code Injection
-- Network Device
10.35.32 - Blue Coat ProxySG Read Only Administrator Security Bypass Issue
10.35.33 - SonicWALL E-Class SSL-VPN Format String Issue
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) HIGH: Google Chrome Multiple Vulnerabilities
Affected:
Google Chrome prior to 5.0.375.127
Description: Google has recently released an update for multiple
vulnerabilities affecting Google Chrome. While the severity of these
vulnerabilities is unspecified, some of them are memory corruption
vulnerabilities, which can often be exploited for code execution. The
memory corruption vulnerabilities involve the file dialog, Scalable
Vector Graphics (SVG), MIME type handling, Ruby support, and Geolocation
support. All of these vulnerabilities appear to require the target to
navigate to a malicious site for exploitation.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.google.com
Google Stable Channel Update
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
SecurityFocus BID
http://www.securityfocus.com/bid/42571
*************************************************************
(2) HIGH: Adobe Shockwave Player Code Execution Vulnerabilities
Affected:
Adobe Shockwave Player
Description: Adobe has released a patch for Shockwave Player in order
to address several vulnerabilities that could lead to code execution.
The vulnerabilities involve parsing errors in Shockwave's handling of
3D objects and Director files. An attacker must entice a target to visit
a malicious site in order to exploit these vulnerabilities, which could
lead to code execution.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb10-20.html
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-10-160
http://www.zerodayinitiative.com/advisories/ZDI-10-161
http://www.zerodayinitiative.com/advisories/ZDI-10-162
http://www.zerodayinitiative.com/advisories/ZDI-10-163
http://www.zerodayinitiative.com/advisories/ZDI-10-164
*************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 9947 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
10.35.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Adersoft VbsEdit ".vbs" File Denial Of Service Issue
Description: Adersoft VbsEdit is a VBScript editor available for
Microsoft Windows. The application is exposed to a denial of service
issue. Specifically, the issue occurs when a crafted ".vbs" file is
parsed. Adersoft VbsEdit version 4.6.1 is affected.
Ref: http://www.securityfocus.com/bid/42525/references
______________________________________________________________________
10.35.2 CVE: CVE-2009-2970
Platform: Third Party Windows Apps
Title: UiPlayer "UiCheck.dll" ActiveX Buffer Overflow
Description: UiPlayer is exposed to a buffer overflow issue because
the application utilizes an ActiveX control that fails to adequately
validate user-supplied input. UiTV UiPlayer versions 1.0.0.6 and
earlier are affected.
Ref: http://www.nsfocus.com/en/advisories/0901.html
______________________________________________________________________
10.35.3 CVE: CVE-2009-4867
Platform: Third Party Windows Apps
Title: Tuniac ".m3u" File Buffer Overflow
Description: Tuniac is a multimedia application for Microsoft Windows.
The application is exposed to a buffer overflow issue because it fails
to perform adequate checks on user-supplied input. Specifically, this
issue occurs when opening a specially crafted ".m3u" file. Tuniac
version 090517c is affected.
Ref: http://www.securityfocus.com/bid/42568
______________________________________________________________________
10.35.4 CVE: Not Available
Platform: Linux
Title: Red Hat VDSM Module SSL Connection Denial of Service Issue
Description: Red Hat VDSM Module is a management module that serves as a
Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise
Virtualization Hypervisor or Red Hat Enterprise Linux hosts. The module
is exposed to a denial of service issue. Specifically, this issue occurs
when accepting a specially crafted SSL connection.
Ref: http://www.securityfocus.com/bid/42580/references
______________________________________________________________________
10.35.5 CVE: CVE-2010-0435
Platform: Linux
Title: Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of
Service
Description: The Linux kernel is exposed to a denial of service issue
that affects the Kernel based Virtual Machine. Specifically, if
the Intel-VT-x extension is enabled, a NULL pointer exception can be
triggered with a crafted "mov" instruction.
Ref: https://patchwork.kernel.org/patch/95725/
______________________________________________________________________
10.35.6 CVE: CVE-2010-2959
Platform: Linux
Title: Linux Kernel Controller Area Network Protocol Local Privilege
Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue because it fails to properly handle applications that
expand stacks into adjacent memory regions. Linux kernel is affected
on multiple architectures.
Ref: http://www.securityfocus.com/bid/42585/references
______________________________________________________________________
10.35.7 CVE: CVE-2010-2946
Platform: Linux
Title: Linux Kernel JFS xattr Namespace Rules Security Bypass Issue
Description: The Linux kernel is exposed to a security bypass issue
affecting the JFS filesystem. Specifically, local attackers can bypass
extended file attributes ("xattr") namespace access rules by prepending
"os2." to a valid "xattr" name.
Ref: http://www.securityfocus.com/bid/42589
______________________________________________________________________
10.35.8 CVE: Not Available
Platform: BSD
Title: FreeBSD "setusercontext()" Local Security Bypass Issue
Description: FreeBSD is a BSD based operating system. FreeBSD is
exposed to a local security bypass issue. Specifically, this issue
occurs because the "setusercontext()" function in the
"lib/libutil/login_class.c" file applies certain user settings in an
insecure manner while running with the privileges of another user.
Ref: http://www.freebsd.org/cgi/query-pr.cgi?pr=141840
______________________________________________________________________
10.35.9 CVE: Not Available
Platform: Cross Platform
Title: PHP "ibase_gen_id()" Function off-by-one Buffer Overflow
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to an off-by-one buffer overflow issue because it fails
to perform boundary checks before copying user-supplied data to
insufficiently sized memory buffers. PHP version 5.3.3 is affected.
Ref: http://www.exploit-db.com/exploits/14678/
______________________________________________________________________
10.35.10 CVE: Not Available
Platform: Cross Platform
Title: Serv-U Denial of Service and Security Bypass Vulnerabilities
Description: Serv-U is a file server. The application is exposed to
multiple issues. A security bypass issue occurs when handling
virtual paths and may allow attackers to create directories without
sufficient privileges. A denial of service issue that
occurs when processing certain invalid URL parameters may result
in a crash of the application. Serv-U versions prior to 10.2.0.0 are
affected.
Ref: http://www.serv-u.com/releasenotes/
______________________________________________________________________
10.35.11 CVE: CVE-2010-1768, CVE-2010-1795
Platform: Cross Platform
Title: Apple iTunes Log File Insecure File Operation Local Privilege
Escalation
Description: Apple iTunes is a media player for Microsoft Windows and
Apple Mac OS X. Apple iTunes is exposed to a local privilege
escalation issue due to an insecure file operation when handling log
files for mobile devices. Apple iTunes versions prior to 9.1 on Apple
Mac OS X are affected.
Ref: http://support.apple.com/kb/HT4105
______________________________________________________________________
10.35.12 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Storage Manager FastBack Remote Code Execution and
Denial of Service Vulnerabilities
Description: IBM Tivoli Storage Manager FastBack is a storage
management and recovery application for Microsoft Windows and Linux. The
application is exposed to multiple remote issues. IBM Tivoli Storage
Manager FastBack versions prior to 5.5.7 or 6.1.1 are affected.
Ref: http://www.securityfocus.com/bid/42549/references
______________________________________________________________________
10.35.13 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Multiple Security Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms.
Google Chrome is exposed to multiple issues. Attackers can exploit
these issues to execute arbitrary code in the context of the browser,
cause denial of service, or disclose sensitive information.
Other attacks are also possible. Chrome versions prior to 5.0.375.127
are affected.
Ref:
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
______________________________________________________________________
10.35.14 CVE: CVE-2010-1527
Platform: Cross Platform
Title: Novell iPrint Client Multiple Security Vulnerabilities
Description: Novell iPrint Client is a client application for printing
over the Internet. The application is exposed to multiple security
issues. A stack-based buffer overflow issue affects the
"call-back-url" parameter for an "op-client-interface-version"
operation when the "result-type" parameter is set to "url". A
security issue that occurs in PluginGetDriverFile can be exploited to
use data in uninitialized memory as a pointer. Novell iPrint Client
versions prior to 5.44 are affected.
Ref: http://www.novell.com/support/viewContent.do?externalId=7006679
______________________________________________________________________
10.35.15 CVE: CVE-2010-0428, CVE-2010-0431, CVE-2010-2784,
CVE-2010-0429
Platform: Cross Platform
Title: QEMU KVM Multiple Issues
Description: QEMU is a processor emulator that is available for
various platforms. QEMU KVM is exposed to multiple issues. A local
privilege escalation issue occurs because the "libspice" component of QEMU
KVM on the host fails to validate all pointers provided from the
guest system's QXL graphics card driver. A local memory corruption
issue occurs in the QXL graphics card driver.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=568809
______________________________________________________________________
10.35.16 CVE: CVE-2010-2947
Platform: Cross Platform
Title: libHX "HX_split()" Remote Heap-Based Buffer Overflow Issue
Description: libHX is a C library that provides functionality common
to scripting languages.
The library is exposed to a heap-based buffer overflow issue because
it fails to properly validate user-supplied input. The issue occurs
when the "HX_split()" function is called with fewer string fields than
expected. libHX version 3.5 is affected.
Ref: http://www.securityfocus.com/bid/42592
______________________________________________________________________
10.35.17 CVE: Not Available
Platform: Cross Platform
Title: Oracle MySQL "TEMPORARY InnoDB" Tables Denial of Service
Description: MySQL is an open-source SQL database available for
multiple operating systems. MySQL is exposed to a denial of service
issue because the application fails to properly use "TEMPORARY InnoDB"
tables with nullable columns. MySQL versions prior to 5.1.49 are
affected.
Ref: http://bugs.mysql.com/bug.php?id=54044
______________________________________________________________________
10.35.18 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LXR Cross Referencer TITLE Element Cross-Site Scripting Issue
Description: LXR Cross Referencer is a web-based general purpose
source code indexer and cross referencer. The application is exposed
to a cross-site scripting issue because it fails to sufficiently
sanitize user-supplied data. This issue affects a string in the search
page's TITLE element in the "lib/LXR/Common.pm" file. LXR Cross
Referencer versions prior to 0.98 are affected.
Ref:
http://lxr.cvs.sourceforge.net/viewvc/lxr/lxr/lib/LXR/Common.pm?view=log#rev1.64
______________________________________________________________________
10.35.19 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ACCESSGUARDIAN Unspecified Cross-Site Scripting Issue
Description: ACCESSGUARDIAN is a web application. ACCESSGUARDIAN is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. ACCESSGUARDIAN versions
prior to 3.0.16 and 3.5.9 are affected.
Ref: http://www.securityfocus.com/bid/42522/references
______________________________________________________________________
10.35.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Online Work Order Suite Lite Edition Multiple Cross-Site
Scripting Vulnerabilities
Description: Online Work Order Suite Lite Edition is a PHP-based web
application. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
Online Work Order Suite Lite Edition 3.10 is affected.
Ref: http://www.securityfocus.com/bid/42535
______________________________________________________________________
10.35.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Simplenews Content Selection Module Cross-Site Scripting
Issue
Description: Simplenews Content Selection is a module of the Drupal
content manager. The module is exposed to a cross-site scripting issue
because it fails to properly sanitize unspecified user input in its
administrator page. Simplenews Content Selection version 6.x-1.5 is
affected.
Ref: http://www.securityfocus.com/bid/42540
______________________________________________________________________
10.35.22 CVE: CVE-2009-4548
Platform: Web Application - Cross Site Scripting
Title: ViArt Helpdesk Multiple Cross-Site Scripting Vulnerabilities
Description: ViArt Helpdesk is a PHP-based web application. The
application is exposed to multiple cross-site scripting issues
because it fails to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/42543
______________________________________________________________________
10.35.23 CVE: CVE-2010-3056
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. phpMyAdmin versions 2.11.x prior to 2.11.10.1 and phpMyAdmin
3.x prior to 3.3.5.1 are affected.
Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
______________________________________________________________________
10.35.24 CVE: CVE-2009-4870
Platform: Web Application - SQL Injection
Title: PHP City Portal "login.php" Multiple SQL Injection Issues
Description: PHP City Portal is a PHP-based content management
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "req_username" and "req_password" parameters of the "login.php"
script.
Ref: http://www.securityfocus.com/bid/42536/references
______________________________________________________________________
10.35.25 CVE: Not Available
Platform: Web Application
Title: PHPCMS2008 "download.php" Information Disclosure Issue
Description: PHPCMS2008 is a PHP-based content manager. The
application is exposed to an information disclosure issue because it
fails to sufficiently validate user-supplied input to the "f"
parameter of the "download.php" script.
Ref: http://www.securityfocus.com/archive/1/507271
______________________________________________________________________
10.35.26 CVE: Not Available
Platform: Web Application
Title: Mollify Authentication Bypass Vulnerability and Multiple
Information Disclosure Weaknesses
Description: Mollify is a web file manager. The application is exposed
to an authentication bypass issue because it fails to verify user-supplied
data to the "backend/r.php" script before using it to
download files. Mollify versions prior to 1.6.5.5 are affected.
Ref: http://code.google.com/p/mollify/wiki/ChangeLog#Version_1.6.5.5
______________________________________________________________________
10.35.27 CVE: Not Available
Platform: Web Application
Title: MAXcms Multiple Remote File Include Issues
Description: MAXcms is a PHP-based content management system. The
application is exposed to multiple remote file include issues because
it fails to properly sanitize user-supplied input to multiple
parameters and scripts. MAXcms version 3.11.20b is affected.
Ref: http://www.securityfocus.com/bid/42534/references
______________________________________________________________________
10.35.28 CVE: Not Available
Platform: Web Application
Title: DotNetNuke Syndication Handler Remote Denial of Service Issue
Description: DotNetNuke is an open source framework for creating and
deploying websites. The application is exposed to a denial of service
issue that occurs when handling certain requests for the syndication
handler. DotNetNuke versions prior to 5.5.0 are affected.
Ref: http://www.securityfocus.com/bid/42550
______________________________________________________________________
10.35.29 CVE: Not Available
Platform: Web Application
Title: Netpet CMS "confirm.php" Local File Include
Description: Netpet CMS is a PHP-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "language" parameter
of the "netpet/confirm.php" script. Netpet CMS version 1.9 is
affected.
Ref: http://www.securityfocus.com/bid/42553/references
______________________________________________________________________
10.35.30 CVE: Not Available
Platform: Web Application
Title: In-Portal CMS "index.php" Local File Include
Description: In-Portal is a PHP-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "env" parameter of the
"index.php" script. In-Portal CMS version 4.3.1 is affected.
Ref: http://www.securityfocus.com/bid/42565
______________________________________________________________________
10.35.31 CVE: CVE-2010-3055
Platform: Web Application
Title: phpMyAdmin Configuration File PHP Code Injection
Description: phpMyAdmin is a PHP-based web application. phpMyAdmin is
exposed to an issue that lets attackers inject arbitrary PHP code. The
issue occurs because the application fails to properly sanitize
user-supplied input to the setup script. phpMyAdmin versions prior to
2.11.10.1 are affected.
Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
______________________________________________________________________
10.35.32 CVE: Not Available
Platform: Network Device
Title: Blue Coat ProxySG Read Only Administrator Security Bypass Issue
Description: Blue Coat ProxySG is an enterprise proxy appliance. The
device is exposed to a security bypass issue because it fails to
restrict access to certain pages in the Management Console and the
Command Line Interface. Specifically, commands sent through an HTTPS
URI bypass the privilege enforcement and allow a read only
administrator to execute all administrative commands. Blue Coat
ProxySG versions prior to 5.5.3.1 are affected.
Ref: https://kb.bluecoat.com/index?page=content&id=SA45
______________________________________________________________________
10.35.33 CVE: Not Available
Platform: Network Device
Title: SonicWALL E-Class SSL-VPN Format String Issue
Description: SonicWALL E-Class SSL VPN is an appliance designed to
provide remote VPN access to the corporate network. It comes with an
ActiveX control. The ActiveX control contains a format string issue that
occurs because the application fails to properly sanitize user-supplied
data that contain format specifiers. Specifically, a format string issue
resides in the "AuthCredential" function of the ActiveX control
identified by CLSID:
2A1BE1E7-C550-4D67-A553-7F2D3A39233D
This issue affects SonicWALL E-Class SSL-VPN version 10.0.4 and all
previous versions as well as 10.5.1 without a hot fix.
Ref: http://www.securityfocus.com/bid/42548
______________________________________________________________________
(c) 2010. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.