@RISK: The Consensus Security Vulnerability Alert
Week 4 2012



This is a weekly newsletter that provides in-depth analysis of
the latest vulnerabilities with straightforward remediation advice. Qualys
supplies a large part of the newly-discovered vulnerability content used in
this newsletter.

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities

Linux                                       2
Cross Platform                             13 (#1)
Web Application - Cross Site Scripting      2
Web Application - SQL Injection             1
Web Application                             4
Network Device                              1

Part I -- Critical Vulnerabilities from HP TippingPoint
(dvlabs.tippingpoint.com)

Widely Deployed Software
(1) MEDIUM: Google Chrome Stable Channel Updates

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

-- Linux
12.4.1 - Linux Kernel iocbs Local Denial of Service
12.4.2 - Linux Kernel Local Privilege Escalation
-- Cross Platform
12.4.3 - Cisco Digital Media Manager Remote Privilege Escalation
12.4.4 - JBoss "mod_cluster" Security Bypass
12.4.5 - OpenSSL DTLS Remote Denial of Service
12.4.6 - Tucan Manager Plugin Update Security Bypass
12.4.7 - Multiple Red Hat Network Products XMLRPC Credential Information Disclosure
12.4.8 - GE Energy D20/D200 Substation Controller Code Execution and Information Disclosure Vulnerabilities
12.4.9 - KingSCADA Credential Information Disclosure
12.4.10 - IBM Lotus Symphony Image Object Integer Overflow
12.4.11 - IBM solidDB "SELECT" Statement Denial of Service
12.4.12 - Apache Struts "ParameterInterceptor" Class OGNL Security Bypass
12.4.13 - Google Chrome Multiple Security Vulnerabilities
12.4.14 - SAP NetWeaver Multiple Remote Vulnerabilities
12.4.15 - Opera Web Browser Information Disclosure and Security Bypass Vulnerabilities
-- Web Application - Cross Site Scripting
12.4.16 - IBM WebSphere Application Server Cross-Site Scripting
12.4.17 - osCommerce Multiple Unspecified Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
12.4.18 - SolarWinds Storage Manager Server SQL Injection
-- Web Application
12.4.19 - IBM WebSphere Application Server SibRaRecoverableSiXaResource Information Disclosure
12.4.20 - WordPress uCan Post plugin Multiple HTML Injection Vulnerabilities
12.4.21 - WordPress AllWebMenus Plugin "actions.php" Arbitrary File Upload
12.4.22 - Joomla! "com_some" Component "controller" Parameter Local File Include
-- Network Device
12.4.23 - Cisco IP Video Phone E20 Default Root Credentials Authentication Bypass

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process

(1) MEDIUM: Google Chrome Stable Channel Updates
Affected
Google Chrome prior to 18.0.1017.2

Description Google has released updates for multiple security
vulnerabilities affecting its Chrome web browser. The five
vulnerabilities are all rated "High" or "Critical" by Google and include
use-after-free vulnerabilities in DOM handling and Safe Browsing
navigation; use of an uninitialized value in Skia, Google's 2D graphics
library; and a heap-buffer overflow in the tree builder. By enticing a
target to view a malicious page, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on the target's
machine.

Status vendor confirmed, updates available

References
Vendor Site
http://www.google.com
Google Stable Channel Update
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/51641

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 13091 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

12.4.1 CVE CVE-2012-0058
Platform Linux
Title Linux Kernel iocbs Local Denial of Service
Description The Linux kernel is exposed to a local denial of service issue
that occurs when one of the iocbs submitted by a user fails. This
leaves the rest of the iocbs unprocessed and still active. Active iocbs
are not removed and may cause a corrupted list, resulting in a kernel oops.
Ref http://www.securityfocus.com/bid/51534/references

12.4.2 CVE CVE-2012-0056
Platform Linux
Title Linux Kernel Local Privilege Escalation
Description The Linux kernel is exposed to a local privilege
escalation issue because the kernel fails to restrict access to the
"/proc/<pid>/mem" file. Successfully exploiting this issue will enable
an attacker to write into the memory of a privileged process.
Ref http://blog.zx2c4.com/749

12.4.3 CVE CVE-2012-0329
Platform Cross Platform
Title Cisco Digital Media Manager Remote Privilege Escalation
Description The Cisco Digital Media Manager is the central management
application for all Cisco Digital Media Suite products. The application
is exposed to a remote privilege escalation issue because of improper
validation of unreferenced URLs. See reference for further details.
Ref
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-dmm

12.4.4 CVE CVE-2011-4608
Platform Cross Platform
Title JBoss "mod_cluster" Security Bypass
Description The JBoss "mod_cluster" module is a server module for
various JBoss applications. The JBoss "mod_cluster" module is exposed
to a remote security bypass issue that occurs because the
"mod_cluster" module allows worker nodes to register on a virtual host.
Ref https://rhn.redhat.com/errata/RHSA-2012-0040.html

12.4.5 CVE CVE-2012-0050
Platform Cross Platform
Title OpenSSL DTLS Remote Denial of Service
Description OpenSSL is an open source implementation of the SSL
protocol. OpenSSL is exposed to a denial of service issue because of an
incorrect fix for CVE-2011-4108. OpenSSL versions 1.0.0f and 0.9.8s are
affected.
Ref http://www.openssl.org/news/secadv_20120118.txt

12.4.6 CVE CVE-2012-0063
Platform Cross Platform
Title Tucan Manager Plugin Update Security Bypass
Description Tucan Manager is a file sharing application. Tucan
Manager is exposed to a security bypass issue because the
application fails to properly check digital signatures before
installing plugins. Tucan Manager version 0.3.9-1 is affected.
Ref https://bugzilla.redhat.com/show_bug.cgi?id=782999

12.4.7 CVE CVE-2012-0059
Platform Cross Platform
Title Multiple Red Hat Network Products XMLRPC Credential
Information Disclosure
Description Multiple Red Hat products including Red Hat Network
Satellite Server, Red Hat Network Proxy Server and Spacewalk are
exposed to a remote information disclosure issue. The problem occurs
when handling a failed XMLRPC system registration call.
Ref https://bugzilla.redhat.com/show_bug.cgi?id=782819

12.4.8 CVE Not Available
Platform Cross Platform
Title GE Energy D20/D200 Substation Controller Code Execution and
Information Disclosure Vulnerabilities
Description D20/D200 Substation Controller is a software application
that provides substation server functionality in a mission critical
substation hardened package. D20/D200 Substation Controller is exposed
to multiple issues. An arbitrary code execution issue occurs
because of an unspecified error within the TFTP service and an
information disclosure issue occurs because of an unspecified
error within the TFTP service.
Ref http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-019-01.pdf

12.4.9 CVE Not Available
Platform Cross Platform
Title KingSCADA Credential Information Disclosure
Description KingSCADA is an Interactive Graphical SCADA System.
KingSCADA is exposed to a remote information disclosure issue because
user credentials are insecurely stored in the "user.db". KingSCADA
version 3.0 is affected.
Ref http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-06.pdf

12.4.10 CVE CVE-2012-0192
Platform Cross Platform
Title IBM Lotus Symphony Image Object Integer Overflow
Description IBM Lotus Symphony is productivity software that contains
three applications: Lotus Symphony Documents, Lotus Symphony
Spreadsheets and Lotus Symphony Presentations. IBM Lotus Symphony is
exposed to an integer overflow issue because it fails to properly
validate user-supplied input when processing embedded image objects.
IBM Lotus Symphony version 3.0.0 FP3 revision 20110707.1500 is affected.
Ref http://www-01.ibm.com/support/docview.wss?uid=swg21578684

12.4.11 CVE Not Available
Platform Cross Platform
Title IBM solidDB "SELECT" Statement Denial of Service
Description IBM solidDB is a relational SQL database. IBM solidDB is
exposed to a denial of service issue when processing a "SELECT"
statement that contains a rownum condition with a subquery. IBM
solidDB versions prior to 6.5.0.8 Interim Fix 5 are affected.
Ref http://www-01.ibm.com/support/docview.wss?rs=3457&uid=swg1IC79861

12.4.12 CVE CVE-2011-3923
Platform Cross Platform
Title Apache Struts "ParameterInterceptor" Class OGNL Security Bypass
Description Apache Struts is a framework for building web
applications. Apache Struts is exposed to a security bypass issue
because it fails to adequately handle user-supplied input.
Specifically, the application permits attackers to bypass protection
mechanisms built into the "ParameterInterceptor" class with OGNL
expressions. Apache Struts versions 2.0.0 through 2.3.1.1 are affected.
Ref
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

12.4.13 CVE
CVE-2011-3928,CVE-2011-3927,CVE-2011-3926,CVE-2011-3925,CVE-2011-3924
Platform Cross Platform
Title Google Chrome Multiple Security Vulnerabilities
Description Google Chrome is a web browser for multiple platforms.
Google Chrome is exposed to multiple security issues. See reference
for complete details. Chrome versions prior to 16.0.912.77 are affected.
Ref
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html

12.4.14 CVE Not Available
Platform Cross Platform
Title SAP NetWeaver Multiple Remote Vulnerabilities
Description SAP NetWeaver is an integration platform for enterprise
applications. The platform is exposed to multiple issues. A security
bypass issue allows attackers to gain unauthorized access to Runtime
Workbench resources. An information disclosure issue affects the
"PFL_CHECK_OS_FILE_EXISTENCE" function.
Ref http://dsecrg.com/pages/vul/show.php?id=411

12.4.15 CVE Not Available
Platform Cross Platform
Title Opera Web Browser Information Disclosure and Security Bypass
Vulnerabilities
Description Opera Web Browser is a browser available for multiple
operating systems. Opera Web Browser is exposed to multiple issues. An
information disclosure issue occurs because certain types of HTML
elements fail to behave properly when referencing a local file. A
security bypass issue lets attackers bypass the same-origin policy
because of an error related to framed content. Opera versions prior to
11.61 are affected.
Ref http://www.opera.com/support/kb/view/1008/

12.4.16 CVE CVE-2011-5065
Platform Web Application - Cross Site Scripting
Title IBM WebSphere Application Server Cross-Site Scripting
Description IBM WebSphere Application Server for z/OS is a web
server. The Server is exposed to an unspecified cross-site scripting
issue because it fails to properly sanitize user-supplied input. IBM
WebSphere Application Server versions prior to 6.1.0.41 are affected.
Ref http://www-01.ibm.com/support/docview.wss?uid=swg27007951

12.4.17 CVE CVE-2012-0312,CVE-2012-0311
Platform Web Application - Cross Site Scripting
Title osCommerce Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description osCommerce is a web-based shopping cart application. The
application is exposed to multiple unspecified cross-site scripting
issues because it fails to properly sanitize user-supplied input.
Ref http://jvn.jp/en/jp/JVN36559450/index.html

12.4.18 CVE Not Available
Platform Web Application - SQL Injection
Title SolarWinds Storage Manager Server SQL Injection
Description Storage Manager Server is an application for storage
virtualization management. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "loginName" field of the "LoginServlet" page. Storage Manager
Server version 5.1.2 is affected.
Ref http://www.securityfocus.com/archive/1/521328

12.4.19 CVE CVE-2011-5066
Platform Web Application
Title IBM WebSphere Application Server SibRaRecoverableSiXaResource
Information Disclosure
Description The IBM WebSphere Application Server is available
for various operating systems. The IBM WebSphere Application Server is
exposed to a remote information disclosure issue because it does not
properly handle a Service Integration Bus dump operation.
Ref http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685

12.4.20 CVE Not Available
Platform Web Application
Title WordPress uCan Post plugin Multiple HTML Injection
Vulnerabilities
Description WordPress is a PHP-based content manager. uCan Post is a
plugin for WordPress. The plugin is exposed to multiple HTML injection
issues because it fails to properly sanitize user-supplied input
submitted to the "Name", "Email" and "Title" fields. uCan Post
version 1.0.09 is affected.
Ref http://www.securityfocus.com/bid/51564

12.4.21 CVE Not Available
Platform Web Application
Title WordPress AllWebMenus Plugin "actions.php" Arbitrary File
Upload
Description AllWebMenus is a plugin for WordPress. The application is
exposed to an arbitrary file upload issue because the application fails
to properly validate file extensions. AllWebMenus versions prior to
1.1.9 are affected.
Ref http://www.securityfocus.com/bid/51615

12.4.22 CVE Not Available
Platform Web Application
Title Joomla! "com_some" Component "controller" Parameter Local File
Include
Description "com_some" is a component for the Joomla! content
manager. The component is exposed to a local file include issue
because it fails to properly sanitize user-supplied input submitted to
the "controller" parameter of the "index.php" script.
Ref http://www.securityfocus.com/bid/51621

12.4.23 CVE CVE-2011-4659
Platform Network Device
Title Cisco IP Video Phone E20 Default Root Credentials
Authentication Bypass
Description Cisco IP Video Phone E20 is a communication device which
merges voice, video and collaboration into one unit. Cisco IP Video
Phone E20 is exposed to a remote authentication bypass issue because
the default "root" account is not properly disabled.
Ref
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te
