Search

See Resources

@RISK Newsletter for October 27, 2011 The Consensus Security Vulnerability Alert

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.


@RISK: The Consensus Security Vulnerability Alert
Vol. 11, Num. 44

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.

Archived issues may be found at https://www.qualys.com/research/sans-at-risk/


Summary of Updates and Vulnerabilities in this Consensus

Platform Number of Updates and Vulnerabilities
— | —
Third Party Windows Apps 7
Linux | 1
Cross Platform 8 (#1)
Web Application - Cross Site Scripting 2
Web Application - SQL Injection 3
Web Application 2
Network Device 1
Hardware 2


Part I – Critical Vulnerabilities from TippingPoint ( www.tippingpoint.com )

Widely Deployed Software
(1) HIGH: Google Chrome Multiple Vulnerabilitise


Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys

(www.qualys.com)

Third Party Windows Apps

11.44.1 - Novell ZENworks Handheld Management Multiple Unspecified Remote Code Execution Vulnerabilities
11.44.2 - HP MFP Digital Sending Software Local Information Disclosure
11.44.3 - Oracle DataDirect Multiple Native Wire Protocol ODBC Driver Buffer Overflow
11.44.4 - Skype Technologies Skype Client for Windows File Transfer Remote Buffer Overflow
11.44.5 - Multiple Schneider Electric Products UnitelWay Device Driver Privilege Escalation
11.44.6 - Oracle AutoVue “AutoVueX.ocx” ActiveX Control Insecure Method
11.44.7 - Cyclope Internet Filtering Proxy “CEPMServer.exe” Denial of Service

Linux

11.44.8 - apt SSL Certificate Validation Security Bypass

Cross Platform

11.44.9 - MIT Kerberos Multiple Denial of Service Vulnerabilities
11.44.10 - Oracle GlassFish Server/Java System App Server Remote Vulnerability
11.44.11 - IBM WebSphere Application Server JAX-WS Unspecified Vulnerability
11.44.12 - MetaSploit Framework “project [name]” Field HTML Injection
11.44.13 - Mozilla NSS “NSS_NoDB_Init()” Insecure Library Loading Arbitrary Code Execution
11.44.14 - Opera Web Browser Tree Traversing Use-After-Free Memory Corruption
11.44.15 - Wing FTP Server Versions Prior to 4.0.1 Information Disclosure
11.44.16 - Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities

Web Application - Cross Site Scripting

11.44.17 - InverseFlow Multiple Cross-Site Scripting Vulnerabilities
11.44.18 - PacketFence Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

11.44.19 - Boonex Dolphin “xml/get_list.php” SQL Injection
11.44.20 - Elgg “limit” Parameter SQL Injection
11.44.21 - Radius Manager “admin.php” SQL Injection

Web Application

11.44.22 - phpLDAPadmin “functions.php” Remote PHP Code Injection
11.44.23 - Alsbtain Bulletin Multiple Local File Include Vulnerabilities

Network Device

11.44.24 - Cisco Nexus OS “section” and “less” Local Command Injection Vulnerabilities

Hardware

11.44.25 - D-Link Password Field Remote Command Execution
11.44.26 - McAfee Web Gateway Web Access Cross-Site Scripting


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process


(1) HIGH: Google Chrome Multiple Vulnerabilitise

Affected:
Google Chrome prior to 15.0.874.102

Description: Google has released patches for multiple vulnerabilities
affecting its Chrome web browser. The vulnerabilities include eleven
rated High, including use-after-free and heap overflow vulnerabilities.
Although the vulnerabilities are unspecified, it is likely that some of
them can be exploited for code execution. An attacker would have to
entice a target to view a malicious site in order to exploit these
vulnerabilities.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.google.com
Google Chrome Stable Channel Update
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/50360


Part II – Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12562 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.


11.44.1 CVE: CVE-2011-2656,CVE-2011-2655

Platform: Third Party Windows Apps
Title: Novell ZENworks Handheld Management Multiple Unspecified Remote
Code Execution Vulnerabilities
Description: Novell ZENworks Handheld Management is an application
used to secure stolen handheld devices from leaking sensitive
information. Novell ZENworks Handheld Management is exposed to
multiple unspecified remote code-execution issues. Novell ZENworks
Handheld Management 7 is affected.
Ref:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009489&sliceId=1&docTypeID=DT_TID_1_1&dialogID=275049409&stateId=00275045722


11.44.2 CVE: CVE-2011-3163

Platform: Third Party Windows Apps
Title: HP MFP Digital Sending Software Local Information Disclosure
Description: HP MFP Digital Sending Software is an application used by
HP Multifunction Peripheral (MFP) to send scanned documents. The
application is exposed to a local information disclosure issue.
Specifically, a local attacker can exploit the issue to disclose
personal information from the workflow metadata to unintended
recipients. HP MFP Digital Sending Software 4.91.21 and previous 4.9x
versions are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03052686


11.44.3 CVE: Not Available

Platform: Third Party Windows Apps
Title: Oracle DataDirect Multiple Native Wire Protocol ODBC Driver
Buffer Overflow
Description: Oracle DataDirect is a set of drivers that allow users to
connect to various types of databases. Oracle DataDirect is exposed to
a buffer overflow issue. This issue affects the “ADODB.Connection”
object when trying to connect to a database. Specifically, the
application fails to perform adequate boundary checks on user-supplied
data before passing it to the “HOST” parameter of the connection
string. DataDirect 6.0 SQL Server Native Wire Protocol, DataDirect 6.0
Greenplum Wire Protocol, DataDirect 6.0 Informix Wire Protocol,
DataDirect 6.0 PostgreSQL Wire Protocol and DataDirect 6.0 MySQL Wire
Protocol are affected.
Ref: http://www.securityfocus.com/archive/1/520169


11.44.4 CVE: Not Available

Platform: Third Party Windows Apps
Title: Skype Technologies Skype Client for Windows File Transfer
Remote Buffer Overflow
Description: Skype is peer-to-peer communications software that
supports Internet based voice communications. The application is
exposed to a remote buffer overflow issue because it fails to perform
adequate checks on user-initiated file transfer requests.
Specifically, the problem occurs when handling file transfers
initiated during an “unavailable” or “busy” mode. Skype versions
5.3.0.120 and prior are vulnerable and other versions may also be
affected.
Ref: http://www.securityfocus.com/bid/50308/references


11.44.5 CVE: CVE-2011-3330

Platform: Third Party Windows Apps
Title: Multiple Schneider Electric Products UnitelWay Device Driver
Privilege Escalation
Description: Schneider Electric products provide solutions to energy
management. The applications are exposed to a local privilege-escalation
issue. Specifically, this issue affects the UnitelWay device driver when
processing a specially crafted input, which may result in triggering a
buffer overflow. Vijeo Citect 7.20 and prior versions, OPC Factory
Server 3.34, Telemecanique Driver Pack 2.6 and prior versions, Unity Pro
6.0 and prior versions, Monitor 7.6 and prior versions and PL7 Pro 4.5
SP5 and prior versions are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf


11.44.6 CVE: Not Available

Platform: Third Party Windows Apps
Title: Oracle AutoVue “AutoVueX.ocx” ActiveX Control Insecure Method
Description: Oracle AutoVue is a suite of visualization applications.
Oracle AutoVue “AutoVueX.ocx” ActiveX control is exposed to an issue
caused by an insecure method. The issue occurs because the application
fails to handle user-supplied input passed to the “Export3DBom()”
method. The control is identified by CLSID:
B6FCC215-D303-11D1-BC6C- 0000C078797F. Oracle AutoVue 20.0.1 is
vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50333/references


11.44.7 CVE: Not Available

Platform: Third Party Windows Apps
Title: Cyclope Internet Filtering Proxy “CEPMServer.exe” Denial of
Service
Description: Cyclope Internet Filtering Proxy is a website navigation
filtering application. The application is exposed to a denial of
service issue. Specifically, the issue occurs in the “CEPMServer.exe”
service when an overly long string is provided to the “” tag.
Cyclope Internet Filtering Proxy version 4.0 is vulnerable and other
versions may also be affected.
Ref: http://www.securityfocus.com/bid/50335/discuss


11.44.8 CVE: Not Available

Platform: Linux
Title: apt SSL Certificate Validation Security Bypass
Description: apt is a package manager. Apt is exposed to a security
bypass issue because it fails to properly validate SSL certificates.
Specifically, the program fails to verify the host name in the
certificates from “/etc/ssl/certs/ca-certificates.crt”. Apt versions
prior to 0.8.11 are affected.
Ref: http://www.securityfocus.com/bid/50288/discuss


11.44.9 CVE: CVE-2011-1529,CVE-2011-1528, CVE-2011-1527

Platform: Cross Platform
Title: MIT Kerberos Multiple Denial of Service Vulnerabilities
Description: MIT Kerberos is a suite of applications and libraries
designed to implement the Kerberos network authentication protocol. It
is freely available and operates on numerous platforms. MIT Kerberos
is exposed to multiple remote denial of service issues. See
reference for further details. krb5-1.8 and later and krb5-1.9 and later
are affected.
Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt


11.44.10 CVE: CVE-2011-3559

Platform: Cross Platform
Title: Oracle GlassFish Server/Java System App Server Remote
Vulnerability
Description: Oracle GlassFish Server and Sun Java System Application
Server are exposed to a remote issue. The issue can be exploited over
the “HTTP” protocol. The “Web Container” sub component is affected.
Communications Server 2.0, GlassFish Enterprise Server 2.1.1, 3.0.1 amd
3.1.1, and Sun Java System App Server 8.1 and 8.2 are affected.
Ref:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html


11.44.11 CVE: Not Available

Platform: Cross Platform
Title: IBM WebSphere Application Server JAX-WS Unspecified
Vulnerability
Description: IBM WebSphere Application Server is a web server.
The application is exposed to an unspecified issue in the
WS-Security policy enabled Java API for XML Web Services
application. IBM WebSphere Application Server versions 6.1 through
6.1.0.40 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205


11.44.12 CVE: Not Available

Platform: Cross Platform
Title: MetaSploit Framework “project [name]” Field HTML Injection
Description: Metasploit Framework is a tool for penetration testing
and exploit development. It is available for Linux and Microsoft
Windows platforms. The application is exposed to an HTML injection
issue that affects the web user interface because it fails to properly
sanitize user-supplied input submitted to the “project [name]” field.
MetaSploit Framework 4.1.0 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/50315/references


11.44.13 CVE: Not Available

Platform: Cross Platform
Title: Mozilla NSS “NSS_NoDB_Init()” Insecure Library Loading
Arbitrary Code Execution
Description: Mozilla Network Security Services (NSS) is a library
providing cryptographic and security functionality. It is used by a
number of products, including Mozilla Firefox, Thunderbird and
SeaMonkey. The application is exposed to an issue that lets attackers
execute arbitrary code. The issue arises because the “NSS_NoDB_Init()”
function fails to properly create the file path for the “/pkcs11.txt”
configuration file and for “/secmod.db”. Mozilla NSS version 3.12.5
and prior are affected.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=641052


11.44.14 CVE: Not Available

Platform: Cross Platform
Title: Opera Web Browser Tree Traversing Use-After-Free Memory
Corruption
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to a remote memory
corruption issue because it fails to properly handle tree traversing.
Specifically, this issue occurs because of a use-after-free error
when processing specially crafted HTML elements. Opera 11.51 is
vulnerable and other versions may also be affected.
Ref: http://dl.packetstormsecurity.net/1110-exploits/opera-useafterfree.txt


11.44.15 CVE: Not Available

Platform: Cross Platform
Title: Wing FTP Server Versions Prior to 4.0.1 Information Disclosure
Description: Wing FTP Server is an FTP server application. Wing FTP
Server is exposed to an unspecified information disclosure issue that
occurs when handling specially crafted HTTP requests. Versions prior
to Wing FTP Server 4.1.0 are affected.
Ref: http://www.wftpserver.com/serverhistory.htm#gotop


11.44.16 CVE:

CVE-2011-3891,CVE-2011-3890, CVE-2011-3889,CVE-2011-3888,CVE-2011-3887,CVE-2011-3886, CVE-2011-3885,
CVE-2011-3884,CVE-2011-3883, CVE-2011-3882,CVE-2011-3881,CVE-2011-3880,CVE-2011-3879, CVE-2011-3878,
CVE-2011-3877,CVE-2011-3876, CVE-2011-3875,CVE-2011-2845
Platform: Cross Platform
Title: Google Chrome Prior to 15.0.874.102 Multiple Security
Vulnerabilities
Description: Google Chrome is a Web browser available for
multiple platforms. Google Chrome is exposed to multiple security
issues. See reference for further details. Versions prior to Chrome
15.0.874.102 are affected.
Ref:
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html


11.44.17 CVE: Not Available

Platform: Web Application - Cross Site Scripting
Title: InverseFlow Multiple Cross-Site Scripting Vulnerabilities
Description: InverseFlow is a web-based application implemented in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied input.
InverseFlow 2.4 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50344/references


11.44.18 CVE: CVE-2011-4067

Platform: Web Application - Cross Site Scripting
Title: PacketFence Multiple Cross-Site Scripting Vulnerabilities
Description: PacketFence is a network access control
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. Versions prior to PacketFence 3.0.2 are affected.
Ref: http://www.securityfocus.com/bid/50353/references


11.44.19 CVE: Not Available

Platform: Web Application - SQL Injection
Title: Boonex Dolphin “xml/get_list.php” SQL Injection
Description: Dolphin is a PHP-based application for creating online
communities. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input submitted to
the “iIDcat” parameter of the “xml/get_list.php” script. Boonex
Dolphin 6.1 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/520146


11.44.20 CVE: Not Available

Platform: Web Application - SQL Injection
Title: Elgg “limit” Parameter SQL Injection
Description: Curverider Elgg is a PHP-based social media application.
The plugin is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data submitted to the “limit”
parameter of the “mod/search/search_hooks.php” script. Elgg 1.7.10
through 1.7.13 are affected.
Ref: http://www.securityfocus.com/bid/50327/references


11.44.21 CVE: Not Available

Platform: Web Application - SQL Injection
Title: Radius Manager “admin.php” SQL Injection
Description: Radius Manager is a web-based router administration
application. Radius Manager is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data submitted
to the “cont” parameter of the “admin.php” script. Radius Manager
3.9.0 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50337/references


11.44.22 CVE: Not Available

Platform: Web Application
Title: phpLDAPadmin “functions.php” Remote PHP Code Injection
Description: phpLDAPadmin is a web-based application implemented in PHP
for administering LDAP servers. The application is exposed to
an issue that lets attackers inject arbitrary PHP code. The issue
occurs because the application fails to sanitize the input passed to
the “sortby” parameter in “masort()” function of the
“lib/functions.php” script. phpLDAPadmin versions 1.2.0 through
1.2.1.1 are affected.
Ref: http://www.securityfocus.com/bid/50331/references


11.44.23 CVE: Not Available

Platform: Web Application
Title: Alsbtain Bulletin Multiple Local File Include Vulnerabilities
Description: Alsbtain Bulletin is a web application implemented in
PHP. Alsbtain Bulletin is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input
submitted to the “style” and “act” parameters of the “index.php”
script. Alsbtain Bulletin 1.5 and 1.6 are vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/50350/references


11.44.24 CVE: CVE-2011-2569

Platform: Network Device
Title: Cisco Nexus OS “section” and “less” Local Command Injection
Vulnerabilities
Description: Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000 and
1000V switches are networking hardware devices. Cisco Nexus OS is the
operating system running on those devices. Cisco Nexus OS is exposed
to multiple local command injection issues because it fails to handle
“section” and “less” sub-commands. Specially, the user-supplied input
to AWK script is not properly sanitized. Commands can be executed due
to improper handling of “|” and “$” symbols. Cisco MDS, UCS, Nexus
7000, 5000, 4000, 3000, 2000 and 1000V are vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/50347/references


11.44.25 CVE: Not Available

Platform: Hardware
Title: D-Link Password Field Remote Command Execution
Description: D-Link DCS-2121 is a wireless IP camera. The device is
exposed to a remote command execution issue. This issue occurs because
the application fails to sanitize user-supplied input to the
“Password” field of the “recorder_test.cgi” script. D-Link DCS-2121
with firmware version 1.04 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/50277/discuss


11.44.26 CVE: Not Available

Platform: Hardware
Title: McAfee Web Gateway Web Access Cross-Site Scripting
Description: McAfee Web Gateway is an anti malware application
installed on appliances for web threats. McAfee Web Gateway is exposed
to a cross-site scripting issue because it fails to sanitize
user-supplied input, when processing data passed to the web access
component. McAfee Web Gateway 7.1.5.1 is affected.
Ref:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23455/en_US/mwg_7152_release_notes.pdf


Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Company
Free Trial & Tools
Popular Topics