Vol. 11, Num. 44
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
Archived issues may be found at the SANS @RISK Newsletter Archive.
| Platform | Number of Updates and Vulnerabilities |
| --- | --- |
| Third Party Windows Apps | 7 |
| Linux | 1 |
| Cross Platform | 8 (#1) |
| Web Application - Cross Site Scripting | 2 |
| Web Application - SQL Injection | 3 |
| Web Application | 2 |
| Network Device | 1 |
| Hardware | 2 |
Widely Deployed Software
(1) HIGH: Google Chrome Multiple Vulnerabilities
11.44.1 - Novell ZENworks Handheld Management Multiple Unspecified Remote Code Execution Vulnerabilities
11.44.2 - HP MFP Digital Sending Software Local Information Disclosure
11.44.3 - Oracle DataDirect Multiple Native Wire Protocol ODBC Driver Buffer Overflow
11.44.4 - Skype Technologies Skype Client for Windows File Transfer Remote Buffer Overflow
11.44.5 - Multiple Schneider Electric Products UnitelWay Device Driver Privilege Escalation
11.44.6 - Oracle AutoVue “AutoVueX.ocx” ActiveX Control Insecure Method
11.44.7 - Cyclope Internet Filtering Proxy “CEPMServer.exe” Denial of Service
11.44.8 - apt SSL Certificate Validation Security Bypass
11.44.9 - MIT Kerberos Multiple Denial of Service Vulnerabilities
11.44.10 - Oracle GlassFish Server/Java System App Server Remote Vulnerability
11.44.11 - IBM WebSphere Application Server JAX-WS Unspecified Vulnerability
11.44.12 - MetaSploit Framework “project [name]” Field HTML Injection
11.44.13 - Mozilla NSS “NSS_NoDB_Init()” Insecure Library Loading Arbitrary Code Execution
11.44.14 - Opera Web Browser Tree Traversing Use-After-Free Memory Corruption
11.44.15 - Wing FTP Server Versions Prior to 4.0.1 Information Disclosure
11.44.16 - Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
11.44.17 - InverseFlow Multiple Cross-Site Scripting Vulnerabilities
11.44.18 - PacketFence Multiple Cross-Site Scripting Vulnerabilities
11.44.19 - Boonex Dolphin “xml/get_list.php” SQL Injection
11.44.20 - Elgg “limit” Parameter SQL Injection
11.44.21 - Radius Manager “admin.php” SQL Injection
11.44.22 - phpLDAPadmin “functions.php” Remote PHP Code Injection
11.44.23 - Alsbtain Bulletin Multiple Local File Include Vulnerabilities
11.44.24 - Cisco Nexus OS “section” and “less” Local Command Injection Vulnerabilities
11.44.25 - D-Link Password Field Remote Command Execution
11.44.26 - McAfee Web Gateway Web Access Cross-Site Scripting
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process
Affected:
Google Chrome prior to 15.0.874.102
Description: Google has released patches for multiple vulnerabilities
affecting its Chrome web browser. The vulnerabilities include eleven
rated High, including use-after-free and heap overflow vulnerabilities.
Although the vulnerabilities are unspecified, it is likely that some of
them can be exploited for code execution. An attacker would have to
entice a target to view a malicious site in order to exploit these
vulnerabilities.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.google.com
Google Chrome Stable Channel Update
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/50360
Qualys (www.qualys.com)
This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12562 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
Platform: Third Party Windows Apps
Title: Novell ZENworks Handheld Management Multiple Unspecified Remote
Code Execution Vulnerabilities
Description: Novell ZENworks Handheld Management is an application
used to prevent stolen handheld devices from leaking sensitive
information. Novell ZENworks Handheld Management is exposed to
multiple unspecified remote code-execution issues. Novell ZENworks
Handheld Management 7 is affected.
Ref:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009489&sliceId=1&docTypeID=DT_TID_1_1&dialogID=275049409&stateId=00275045722
Platform: Third Party Windows Apps
Title: HP MFP Digital Sending Software Local Information Disclosure
Description: HP MFP Digital Sending Software is an application used by
HP Multifunction Peripheral (MFP) to send scanned documents. The
application is exposed to a local information disclosure issue.
Specifically, a local attacker can exploit the issue to disclose
personal information from the workflow metadata to unintended
recipients. HP MFP Digital Sending Software 4.91.21 and previous 4.9x
versions are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03052686
Platform: Third Party Windows Apps
Title: Oracle DataDirect Multiple Native Wire Protocol ODBC Driver
Buffer Overflow
Description: Oracle DataDirect is a set of drivers that allow users to
connect to various types of databases. Oracle DataDirect is exposed to
a buffer overflow issue. This issue affects the “ADODB.Connection”
object when trying to connect to a database. Specifically, the
application fails to perform adequate boundary checks on user-supplied
data before passing it to the “HOST” parameter of the connection
string. DataDirect 6.0 SQL Server Native Wire Protocol, DataDirect 6.0
Greenplum Wire Protocol, DataDirect 6.0 Informix Wire Protocol,
DataDirect 6.0 PostgreSQL Wire Protocol and DataDirect 6.0 MySQL Wire
Protocol are affected.
Ref: http://www.securityfocus.com/archive/1/520169
Platform: Third Party Windows Apps
Title: Skype Technologies Skype Client for Windows File Transfer
Remote Buffer Overflow
Description: Skype is peer-to-peer communications software that
supports Internet based voice communications. The application is
exposed to a remote buffer overflow issue because it fails to perform
adequate checks on user-initiated file transfer requests.
Specifically, the problem occurs when handling file transfers
initiated during an “unavailable” or “busy” mode. Skype versions
5.3.0.120 and prior are vulnerable and other versions may also be
affected.
Ref: http://www.securityfocus.com/bid/50308/references
Platform: Third Party Windows Apps
Title: Multiple Schneider Electric Products UnitelWay Device Driver
Privilege Escalation
Description: Schneider Electric products provide solutions to energy
management. The applications are exposed to a local privilege-escalation
issue. Specifically, this issue affects the UnitelWay device driver when
processing a specially crafted input, which may result in triggering a
buffer overflow. Vijeo Citect 7.20 and prior versions, OPC Factory
Server 3.34, Telemecanique Driver Pack 2.6 and prior versions, Unity Pro
6.0 and prior versions, Monitor 7.6 and prior versions and PL7 Pro 4.5
SP5 and prior versions are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf
Platform: Third Party Windows Apps
Title: Oracle AutoVue “AutoVueX.ocx” ActiveX Control Insecure Method
Description: Oracle AutoVue is a suite of visualization applications.
Oracle AutoVue “AutoVueX.ocx” ActiveX control is exposed to an issue
caused by an insecure method. The issue occurs because the application
fails to handle user-supplied input passed to the “Export3DBom()”
method. The control is identified by CLSID:
B6FCC215-D303-11D1-BC6C-0000C078797F. Oracle AutoVue 20.0.1 is
vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50333/references
Platform: Third Party Windows Apps
Title: Cyclope Internet Filtering Proxy “CEPMServer.exe” Denial of
Service
Description: Cyclope Internet Filtering Proxy is a website navigation
filtering application. The application is exposed to a denial of
service issue. Specifically, the issue occurs in the “CEPMServer.exe”
service when an overly long string is provided to the “” tag.
Cyclope Internet Filtering Proxy version 4.0 is vulnerable and other
versions may also be affected.
Ref: http://www.securityfocus.com/bid/50335/discuss
Platform: Linux
Title: apt SSL Certificate Validation Security Bypass
Description: apt is a package manager. Apt is exposed to a security
bypass issue because it fails to properly validate SSL certificates.
Specifically, the program fails to verify the host name in the
certificates from “/etc/ssl/certs/ca-certificates.crt”. Apt versions
prior to 0.8.11 are affected.
Ref: http://www.securityfocus.com/bid/50288/discuss
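As an added illustration of the check the apt entry says was missing (example code, not apt's own source): hostname verification compares the requested host against the certificate's dNSName subjectAltName entries, honouring a single leading wildcard that covers exactly one label. The `SAMPLE_PEER_CERT` dict is constructed here in the shape `ssl.SSLSocket.getpeercert()` returns; in a real client leave the comparison to the library by keeping `check_hostname` enabled, as `hardened_client_context()` does.

```python
import ssl


# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "mirror.example.org"),),),
    "subjectAltName": (("DNS", "mirror.example.org"), ("DNS", "*.example.net")),
}


def _dns_name_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a host name (case-insensitive).

    A wildcard is accepted only as the complete leftmost label ("*.example.net")
    and only matches a single label, so "a.b.example.net" is rejected.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        p_labels = pattern.split(".")
        h_labels = host.split(".")
        # Require at least two real labels after the wildcard ("*.com" is refused).
        return (len(p_labels) >= 3
                and len(p_labels) == len(h_labels)
                and p_labels[1:] == h_labels[1:])
    return False


def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """True if hostname is covered by a dNSName SAN in cert.

    Only DNS entries are consulted; a certificate with no subjectAltName
    does not match anything, which is the conservative choice. IP-address
    SANs are deliberately not handled in this illustration.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_dns_name_matches(san, hostname) for san in sans)


def hardened_client_context() -> ssl.SSLContext:
    """The configuration a client should actually rely on: chain validation
    against the system CA bundle plus library-side hostname checking."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


if __name__ == "__main__":
    for host in ("mirror.example.org", "evil.example.org", "a.example.net", "a.b.example.net"):
        print(host, "->", hostname_matches_cert(SAMPLE_PEER_CERT, host))
```

The point of the example is the asymmetry: a certificate that chains to a trusted CA but names a different host is still the wrong certificate, and a client that skips the name comparison accepts it. The library check is preferred over a hand-written matcher because it also covers IP SANs and the edge cases of internationalised names.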
Platform: Cross Platform
Title: MIT Kerberos Multiple Denial of Service Vulnerabilities
Description: MIT Kerberos is a suite of applications and libraries
designed to implement the Kerberos network authentication protocol. It
is freely available and operates on numerous platforms. MIT Kerberos
is exposed to multiple remote denial of service issues. See
reference for further details. krb5-1.8 and later and krb5-1.9 and later
are affected.
Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Platform: Cross Platform
Title: Oracle GlassFish Server/Java System App Server Remote
Vulnerability
Description: Oracle GlassFish Server and Sun Java System Application
Server are exposed to a remote issue. The issue can be exploited over
the “HTTP” protocol. The “Web Container” sub component is affected.
Communications Server 2.0, GlassFish Enterprise Server 2.1.1, 3.0.1 and
3.1.1, and Sun Java System App Server 8.1 and 8.2 are affected.
Ref:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
Platform: Cross Platform
Title: IBM WebSphere Application Server JAX-WS Unspecified
Vulnerability
Description: IBM WebSphere Application Server is a web server.
The application is exposed to an unspecified issue in the
WS-Security policy enabled Java API for XML Web Services
application. IBM WebSphere Application Server versions 6.1 through
6.1.0.40 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205
Platform: Cross Platform
Title: MetaSploit Framework “project [name]” Field HTML Injection
Description: Metasploit Framework is a tool for penetration testing
and exploit development. It is available for Linux and Microsoft
Windows platforms. The application is exposed to an HTML injection
issue that affects the web user interface because it fails to properly
sanitize user-supplied input submitted to the “project [name]” field.
MetaSploit Framework 4.1.0 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/50315/references
Platform: Cross Platform
Title: Mozilla NSS “NSS_NoDB_Init()” Insecure Library Loading
Arbitrary Code Execution
Description: Mozilla Network Security Services (NSS) is a library
providing cryptographic and security functionality. It is used by a
number of products, including Mozilla Firefox, Thunderbird and
SeaMonkey. The application is exposed to an issue that lets attackers
execute arbitrary code. The issue arises because the “NSS_NoDB_Init()”
function fails to properly create the file path for the “/pkcs11.txt”
configuration file and for “/secmod.db”. Mozilla NSS version 3.12.5
and prior are affected.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=641052
Platform: Cross Platform
Title: Opera Web Browser Tree Traversing Use-After-Free Memory
Corruption
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to a remote memory
corruption issue because it fails to properly handle tree traversing.
Specifically, this issue occurs because of a use-after-free error
when processing specially crafted HTML elements. Opera 11.51 is
vulnerable and other versions may also be affected.
Ref: http://dl.packetstormsecurity.net/1110-exploits/opera-useafterfree.txt
Platform: Cross Platform
Title: Wing FTP Server Versions Prior to 4.0.1 Information Disclosure
Description: Wing FTP Server is an FTP server application. Wing FTP
Server is exposed to an unspecified information disclosure issue that
occurs when handling specially crafted HTTP requests. Versions prior
to Wing FTP Server 4.1.0 are affected.
Ref: http://www.wftpserver.com/serverhistory.htm#gotop
Platform: Cross Platform
Title: Google Chrome Prior to 15.0.874.102 Multiple Security
Vulnerabilities
Description: Google Chrome is a Web browser available for
multiple platforms. Google Chrome is exposed to multiple security
issues. See reference for further details. Versions prior to Chrome
15.0.874.102 are affected.
Ref:
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
CVE: CVE-2011-3891, CVE-2011-3890, CVE-2011-3889, CVE-2011-3888,
CVE-2011-3887, CVE-2011-3886, CVE-2011-3885, CVE-2011-3884,
CVE-2011-3883, CVE-2011-3882, CVE-2011-3881, CVE-2011-3880,
CVE-2011-3879, CVE-2011-3878, CVE-2011-3877, CVE-2011-3876,
CVE-2011-3875, CVE-2011-2845
Platform: Web Application - Cross Site Scripting
Title: InverseFlow Multiple Cross-Site Scripting Vulnerabilities
Description: InverseFlow is a web-based application implemented in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied input.
InverseFlow 2.4 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50344/references
Platform: Web Application - Cross Site Scripting
Title: PacketFence Multiple Cross-Site Scripting Vulnerabilities
Description: PacketFence is a network access control
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. Versions prior to PacketFence 3.0.2 are affected.
Ref: http://www.securityfocus.com/bid/50353/references
Platform: Web Application - SQL Injection
Title: Boonex Dolphin “xml/get_list.php” SQL Injection
Description: Dolphin is a PHP-based application for creating online
communities. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input submitted to
the “iIDcat” parameter of the “xml/get_list.php” script. Boonex
Dolphin 6.1 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/520146
Platform: Web Application - SQL Injection
Title: Elgg “limit” Parameter SQL Injection
Description: Curverider Elgg is a PHP-based social media application.
The application's search module is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data submitted to the “limit”
parameter of the “mod/search/search_hooks.php” script. Elgg 1.7.10
through 1.7.13 are affected.
Ref: http://www.securityfocus.com/bid/50327/references
Platform: Web Application - SQL Injection
Title: Radius Manager “admin.php” SQL Injection
Description: Radius Manager is a web-based router administration
application. Radius Manager is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data submitted
to the “cont” parameter of the “admin.php” script. Radius Manager
3.9.0 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50337/references
Platform: Web Application
Title: phpLDAPadmin “functions.php” Remote PHP Code Injection
Description: phpLDAPadmin is a web-based application implemented in PHP
for administering LDAP servers. The application is exposed to
an issue that lets attackers inject arbitrary PHP code. The issue
occurs because the application fails to sanitize the input passed to
the “sortby” parameter in “masort()” function of the
“lib/functions.php” script. phpLDAPadmin versions 1.2.0 through
1.2.1.1 are affected.
Ref: http://www.securityfocus.com/bid/50331/references
Platform: Web Application
Title: Alsbtain Bulletin Multiple Local File Include Vulnerabilities
Description: Alsbtain Bulletin is a web application implemented in
PHP. Alsbtain Bulletin is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input
submitted to the “style” and “act” parameters of the “index.php”
script. Alsbtain Bulletin 1.5 and 1.6 are vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/50350/references
Platform: Network Device
Title: Cisco Nexus OS “section” and “less” Local Command Injection
Vulnerabilities
Description: Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000 and
1000V switches are networking hardware devices. Cisco Nexus OS is the
operating system running on those devices. Cisco Nexus OS is exposed
to multiple local command injection issues because it fails to handle
“section” and “less” sub-commands. Specifically, the user-supplied input
to the AWK script is not properly sanitized. Commands can be executed due
to improper handling of “|” and “$” symbols. Cisco MDS, UCS, Nexus
7000, 5000, 4000, 3000, 2000 and 1000V are vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/50347/references
Platform: Hardware
Title: D-Link Password Field Remote Command Execution
Description: D-Link DCS-2121 is a wireless IP camera. The device is
exposed to a remote command execution issue. This issue occurs because
the application fails to sanitize user-supplied input to the
“Password” field of the “recorder_test.cgi” script. D-Link DCS-2121
with firmware version 1.04 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/50277/discuss
Platform: Hardware
Title: McAfee Web Gateway Web Access Cross-Site Scripting
Description: McAfee Web Gateway is an anti-malware application
installed on appliances to protect against web threats. McAfee Web Gateway is exposed
to a cross-site scripting issue because it fails to sanitize
user-supplied input, when processing data passed to the web access
component. McAfee Web Gateway 7.1.5.1 is affected.
Ref:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23455/en_US/mwg_7152_release_notes.pdf