@RISK Newsletter for November 10, 2011
The consensus security vulnerability alert.
Vol. 11, Num. 46
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
Archived issues may be found at the SANS @RISK Newsletter Archive.
Summary of Updates and Vulnerabilities in this Consensus
Platform | Number of Updates and Vulnerabilities
— | —
Windows | 3 (#1,#2)
Other Microsoft Products | 1
Third Party Windows Apps | 3 (#3,#6)
Linux | 1
Cross Platform | 5 (#4,#5)
Web Application - Cross Site Scripting | 3
Web Application - SQL Injection | 2
Web Application | 4
Network Device | 1
Hardware | 3
Part I – Critical Vulnerabilities from TippingPoint ( www.tippingpoint.com )
Widely Deployed Software
(1) HIGH: Microsoft Windows Kernel TrueType Font Parsing Vulnerability
(2) HIGH: Microsoft Windows Kernel Networking Vulnerability
(3) HIGH: HP Data Protector Media Operation ‘DBServer.exe’ Buffer Overflow Vulnerability
(4) HIGH: Mozilla Firefox Multiple Security Vulnerabilities
(5) HIGH: Adobe Shockwave Player Multiple Vulnerabilities
(6) MEDIUM: Novell ZENworks Software Packaging Multiple Vulnerabilities
Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys
Windows
11.46.1 - Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow
11.46.2 - Microsoft Windows Kernel TrueType Font Parsing Denial of Service
11.46.3 - Windows Mail and Windows Meeting Space DLL Loading Arbitrary Code Execution
Other Microsoft Products
11.46.4 - Microsoft Active Directory LDAPS Authentication Bypass
Third Party Windows Apps
11.46.5 - Advantech ADAM OPC Server ActiveX Control Buffer Overflow
11.46.6 - HP Data Protector Media Operation “DBServer.exe” Heap Buffer Overflow
11.46.7 - Aviosoft DTV Player “.plf” File Remote Buffer Overflow
Linux
11.46.8 - LightDM Symlink Attack Local Privilege Escalation
Cross Platform
11.46.9 - Serv-U Web Client Unspecified Cross-Site Scripting
11.46.10 - FFmpeg Multiple Unspecified Vulnerabilities
11.46.11 - Adobe Shockwave Player Multiple Vulnerabilities
11.46.12 - ChaSen Unspecified Buffer Overflow
11.46.13 - Mozilla Firefox and Thunderbird Multiple Vulnerabilities
Web Application - Cross Site Scripting
11.46.14 - XAMPP “PHP_SELF” Variable Multiple Cross-Site Scripting Vulnerabilities
11.46.15 - IBM Rational Asset Manager Unspecified Cross-Site Scripting
11.46.16 - Serendipity “serendipity” Parameter Cross-Site Scripting
Web Application - SQL Injection
11.46.17 - OrderSys “where_clause” Parameter Multiple SQL Injection Vulnerabilities
11.46.18 - LabStore Multiple SQL Injection Vulnerabilities
Web Application
11.46.19 - Ajax File and Image Manager “data.php” PHP Code Injection
11.46.20 - Mahara Upload Denial of Service
11.46.21 - vBulletin “section.php” Unspecified Security Vulnerability
11.46.22 - UBB.Threads Unspecified File Upload Vulnerability
Network Device
11.46.23 - SingTel 2Wire Hardcoded Password Security Bypass
Hardware
11.46.24 - Cisco Small Business SRP500 Series Appliances Web Interface Remote Command Injection
11.46.25 - RSA Key Manager Appliance Session Handling Local Security Bypass
11.46.26 - DreamBox DM800 “file” Parameter Local File Disclosure
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process
(1) HIGH: Microsoft Windows Kernel TrueType Font Parsing Vulnerability
Affected:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Description: The Microsoft Windows Kernel is susceptible to a
vulnerability due to improper handling of TrueType fonts. This
vulnerability is being actively exploited in the wild by the Duqu worm.
By enticing the target to view a document with a malicious font, the
attacker can exploit this vulnerability in order to execute arbitrary
code on the target machine with SYSTEM-level permissions.
Status: vendor confirmed, updates not available
References:
Vendor Site
http://www.microsoft.com
Microsoft Security Advisory
http://technet.microsoft.com/en-us/security/advisory/2639658
Common Vulnerabilities and Exposures
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402
(2) HIGH: Microsoft Windows Kernel Networking Vulnerability
Affected:
Windows Vista
Windows Server 2008
Windows 7
Description: Microsoft has released a patch for a vulnerability in the
Windows kernel relating to its handling of UDP packets. The
vulnerability lies in the way UDP packets are managed in memory. By
sending a stream of specially crafted UDP packets, an attacker
can exploit this vulnerability in order to execute arbitrary code on the
target’s machine with SYSTEM-level permissions.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.microsoft.com
Microsoft Security Bulletin
http://technet.microsoft.com/en-us/security/bulletin/ms11-083
Common Vulnerabilities and Exposures
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2013
(3) HIGH: HP Data Protector Media Operation ‘DBServer.exe’ Buffer
Overflow Vulnerability
Affected:
HP Data Protector Media Operations Version 6.20 and prior
Description: Luigi Auriemma has published an exploit for a vulnerability
affecting Data Protector, HP’s centralized backup software. The
vulnerability is due to improper handling of large TCP segments. It
isn’t immediately clear from the writeup whether the vulnerability is
in the control server or the component that runs on clients. By sending
a malicious request, an attacker can exploit this vulnerability in order
to execute arbitrary code on the target’s machine.
Status: vendor not confirmed, updates not available
References:
Vendor Site
http://www.hp.com
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/50558
(4) HIGH: Mozilla Firefox Multiple Security Vulnerabilities
Affected:
Mozilla Firefox versions prior to 8.0
Description: Mozilla has patched multiple vulnerabilities in its Firefox
web browser. The problems include an error handling SVG tags and
unspecified memory corruption vulnerabilities. By enticing a target to
view a malicious site, an attacker can exploit these vulnerabilities in
order to execute arbitrary code on a target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.mozilla.org
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
Common Vulnerabilities and Exposures
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655
(5) HIGH: Adobe Shockwave Player Multiple Vulnerabilities
Affected:
Adobe Shockwave Player 11.6.1.629 and prior for Windows and Macintosh
Description: Adobe has released patches for multiple vulnerabilities
affecting its Shockwave multimedia player. The vulnerabilities, which
are in DIRAPI.dll and TextXtra.x32, are due to problems parsing Director
files. Director files are similar to Flash files. By enticing a target
to view a malicious site, an attacker can exploit this vulnerability in
order to execute arbitrary code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-27.html
Common Vulnerabilities and Exposures
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2449
(6) MEDIUM: Novell ZENworks Software Packaging Multiple Vulnerabilities
Affected:
Novell ZENworks 10 Configuration Management with Support Pack 2 - 10.2
Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3
Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP
Novell ZENworks AdminStudio
Description: Novell has released a patch for multiple vulnerabilities
in its ZENworks Software Packaging software. ZENworks, which offers
configuration management from a centralized console, includes an
application packaging component that, in turn, contains three
vulnerabilities in its ActiveX controls: a buffer overflow in
ISGrid2.dll; a directory traversal in LaunchHelp.dll; and the use of
a killbitted ActiveX control, circa year 2000, via a scriptable
intermediate control, ISList.ISAvi. The elder ActiveX control,
mscomct2.ocx, is susceptible to a variety of exploitable
vulnerabilities. By enticing a target to view a malicious site, an
attacker can exploit these vulnerabilities in order to execute arbitrary
code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.novell.com
Novell Vendor Update
http://www.novell.com/support/viewContent.do?externalId=7009570&sliceId=1
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-11-317/
http://www.zerodayinitiative.com/advisories/ZDI-11-318/
http://www.zerodayinitiative.com/advisories/ZDI-11-319/
Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys
This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12638 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
11.46.1 CVE: CVE-2011-2013
Platform: Windows
Title: Microsoft Windows TCP/IP Stack Reference Counter Integer
Overflow
Description: Microsoft Windows is exposed to a remote integer overflow
issue that affects the TCP/IP stack. Specifically, this issue is caused
by an integer overflow of the reference counter in the
implementation of the TCP/IP stack. All supported editions of Windows
Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are
affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
11.46.2 CVE: CVE-2011-2004
Platform: Windows
Title: Microsoft Windows Kernel TrueType Font Parsing Denial of
Service
Description: Microsoft Windows is exposed to a remote denial of service
issue that occurs in the Windows kernel “Win32k.sys” kernel mode device
driver. Specifically, this issue is caused by the improper handling
of a specially crafted TrueType font file. All supported editions of
Windows 7 and Windows 2008 R2 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-084
11.46.3 CVE: CVE-2011-2016
Platform: Windows
Title: Windows Mail and Windows Meeting Space DLL Loading Arbitrary
Code Execution
Description: Microsoft Windows Mail is an email client. Windows Meeting
Space is an application that allows users to share documents. A remote
code execution issue exists in the way that Windows Mail and Windows
Meeting Space handle the loading of DLL files. Windows Vista, Windows
Server 2008, Windows 7 and Windows Server 2008 R2 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
11.46.4 CVE: CVE-2011-2014
Platform: Other Microsoft Products
Title: Microsoft Active Directory LDAPS Authentication Bypass
Description: Microsoft Active Directory is an LDAP (Lightweight
Directory Access Protocol) implementation distributed with multiple
Windows operating systems. Microsoft Active Directory is exposed to a
security bypass issue. The issue occurs when the application is
configured to use LDAPS. Specifically, it fails to validate revoked
SSL certificates against the CRL association with the domain account.
Active Directory, ADAM, and AD LDS installed on supported editions of
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
(except Itanium), Windows 7 and Windows Server 2008 R2 (except
Itanium) are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
11.46.5 CVE: CVE-2011-1914
Platform: Third Party Windows Apps
Title: Advantech ADAM OPC Server ActiveX Control Buffer Overflow
Description: Advantech ADAM OPC Server is an interface for industrial
device servers. Advantech ADAM OPC Server is exposed to a remote
buffer overflow issue because it fails to sufficiently validate
user supplied data. This issue affects an unspecified ActiveX
control. Advantech ADAM OPC Server Versions prior to V3.01.012,
Advantech Modbus RTU OPC Server Versions prior to V3.01.010 and
Advantech Modbus TCP OPC Server Versions prior to V3.01.010 are
affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
11.46.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP Data Protector Media Operation “DBServer.exe” Heap Buffer
Overflow
Description: HP Data Protector Media Operations is an application for
tracking and managing offline storage media, such as magnetic tapes.
The application is exposed to a remote heap-based buffer overflow
issue because it fails to properly bounds check user supplied data
before copying it into an insufficiently sized memory buffer.
Specifically, this issue occurs in the “DBServer.exe” process when
processing a packet sent through TCP port 19813. HP Data Protector
Media Operations 6.20 is vulnerable; other versions may also be
affected.
Ref: http://www.securityfocus.com/bid/50558/references
11.46.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aviosoft DTV Player “.plf” File Remote Buffer Overflow
Description: Aviosoft DTV Player is a media player. The application is
exposed to a remote buffer overflow issue because it fails to perform
adequate bounds checks on user supplied input. Specifically, this
issue occurs while handling specially crafted “.plf” files. Aviosoft
DTV Player 1.0.1.2 is vulnerable; other versions may also be
affected.
Ref: http://www.kb.cert.org/vuls/id/998403
11.46.8 CVE: CVE-2011-3349
Platform: Linux
Title: LightDM Symlink Attack Local Privilege Escalation
Description: LightDM is a cross-desktop display manager. The application
is exposed to a local privilege escalation issue. Specifically, the
issue occurs because the application writes to the “/.dmrc” and
“/.Xauthority” files as root user. This can be exploited to overwrite
arbitrary files via symlink attacks. Versions prior to LightDM 0.9.6 are
affected.
Ref: http://www.securityfocus.com/bid/50506/references
11.46.9 CVE: Not Available
Platform: Cross Platform
Title: Serv-U Web Client Unspecified Cross-Site Scripting
Description: Serv-U Web Client is a browser-based application for
transferring files. The application is exposed to an unspecified
cross-site scripting issue because it fails to sanitize user-supplied
input. Versions prior to Serv-U Web Client 11.0.0.4 are affected.
Ref: http://www.serv-u.com/releasenotes/
11.46.10 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg Multiple Unspecified Vulnerabilities
Description: FFmpeg is a multimedia player. The application is exposed
to multiple unspecified issues. FFmpeg versions prior to
0.7.7 and 0.8.6 are affected.
Ref: http://www.securityfocus.com/bid/50555/references
11.46.11 CVE: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Platform: Cross Platform
Title: Adobe Shockwave Player Multiple Vulnerabilities
Description: Adobe Shockwave Player is a multimedia player.
The application is exposed to multiple issues. See
reference for further details. Versions prior to Adobe Shockwave
Player 11.6.3.633 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb11-27.html
11.46.12 CVE: CVE-2011-4000
Platform: Cross Platform
Title: ChaSen Unspecified Buffer Overflow
Description: ChaSen is an application for morphologically analyzing
Japanese. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. ChaSen 2.4 series are vulnerable and other versions may also be
affected.
Ref: http://jvn.jp/en/jp/JVN16901583/index.html
11.46.13 CVE: CVE-2011-3647, CVE-2011-3649, CVE-2011-3648, CVE-2011-3655, CVE-2011-3653,
CVE-2011-3651, CVE-2011-3650, CVE-2011-3652, CVE-2011-3654
Platform: Cross Platform
Title: Mozilla Firefox and Thunderbird Multiple Vulnerabilities
Description: Firefox is a browser. Thunderbird is an email client.
Both applications are available for multiple platforms. Firefox
and Thunderbird are exposed to multiple security issues. See reference
for further details. Firefox 3.x prior to 3.6.24, Thunderbird 3.x prior
to 3.1.16, Firefox prior to Firefox 8 and Thunderbird prior to
Thunderbird 8 are affected.
Ref: http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
11.46.14 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XAMPP “PHP_SELF” Variable Multiple Cross-Site Scripting
Vulnerabilities
Description: XAMPP is a bundle that contains the Apache web server,
MySQL, PHP, Perl, FTP server and phpMyAdmin. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied data passed through URI to
“xamppsecurity.php”, “cds.php” and “perlinfo.pl”. XAMPP 1.7.7 for Windows
is affected.
Ref: http://www.securityfocus.com/bid/50564/references
11.46.15 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Rational Asset Manager Unspecified Cross-Site Scripting
Description: Rational Asset Manager provides a definitive library for
managing business and technical assets. The application is exposed
to a cross-site scripting issue because it fails to properly sanitize
unspecified user-supplied input. Rational Asset Manager 7.5 is
vulnerable and other versions may also be affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM38467
11.46.16 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Serendipity “serendipity” Parameter Cross-Site Scripting
Description: Serendipity is a web log application implemented in PHP.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input submitted to the
“serendipity” parameter of the “serendipity_admin_image_selector.php”
script. This issue affects Serendipity 1.5.5; prior versions may
also be affected.
Ref: http://www.rul3z.de/advisories/SSCHADV2011-015.txt
11.46.17 CVE: CVE-2010-5000
Platform: Web Application - SQL Injection
Title: OrderSys “where_clause” Parameter Multiple SQL Injection
Vulnerabilities
Description: OrderSys is a web-based application implemented in PHP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
“where_clause” parameter of the “index.php”, “index_long.php” and
“index_short.php” scripts. OrderSys 1.6.4 and prior are affected.
Ref: http://www.securityfocus.com/bid/50550/info
11.46.18 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LabStore Multiple SQL Injection Vulnerabilities
Description: LabStore is a web-based application written in PHP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data submitted to the
“where_clause” parameter. LabStore 1.5.4 and prior are vulnerable and
other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50551/info
11.46.19 CVE: Not Available
Platform: Web Application
Title: Ajax File and Image Manager “data.php” PHP Code Injection
Description: Ajax File and Image Manager is exposed to an issue that
lets attackers inject arbitrary PHP code. The issue occurs because the
application fails to sanitize the input passed to the “$data” parameter
of the “data.php” script. Ajax File and Image Manager 1.0 is vulnerable
and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/50523/info
11.46.20 CVE: CVE-2011-2772
Platform: Web Application
Title: Mahara Upload Denial of Service
Description: Mahara is a web-based portfolio application. The
application is exposed to a denial of service issue because it fails
to sufficiently restrict uploads. Versions prior to Mahara 1.4.1 are
affected.
Ref: https://launchpad.net/mahara/+milestone/1.4.1
11.46.21 CVE: Not Available
Platform: Web Application
Title: vBulletin “section.php” Unspecified Security Vulnerability
Description: vBulletin is a content manager implemented in PHP. The
application is exposed to an unspecified issue caused by an
unknown error in the “packages/vbcms/dm/section.php” script. vBulletin
Publishing Suite 4.x is affected.
Ref: http://www.securityfocus.com/bid/50561/references
11.46.22 CVE: CVE-2010-4353
Platform: Web Application
Title: UBB.Threads Unspecified File Upload Vulnerability
Description: UBB.Threads is a web-based application. The application
is exposed to an arbitrary file upload issue because it fails to
adequately validate files before uploading them. UBB.Threads 7.3 and
later are affected.
Ref: http://www.securityfocus.com/bid/50553/references
11.46.23 CVE: CVE-2011-3682
Platform: Network Device
Title: SingTel 2Wire Hardcoded Password Security Bypass
Description: SingTel 2Wire is a gateway router for Internet service
subscribers used to access the web. The device is exposed to a remote
security bypass issue because its Management and Diagnostic Console
uses a hardcoded default password: “2wire”. SingTel 2Wire
firmware versions 5 and below are affected.
Ref: http://blog.szechuen.com/cve-2011-3682
11.46.24 CVE: CVE-2011-4005
Platform: Hardware
Title: Cisco Small Business SRP500 Series Appliances Web Interface
Remote Command Injection
Description: Cisco Small Business SRP500 Series Appliances are
services-ready platforms that provide IP voice, data, security and
wireless services. The devices are exposed to a remote command
injection issue because they fail to properly sanitize user-supplied
input to the web interface of the SRP (Services Ready Platform)
Configuration Utility. SRP520 Series models with firmware prior to
version 1.1.24 and SRP540 Series models with firmware prior to version
1.2.1 are affected.
Ref: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
11.46.25 CVE: CVE-2011-2740
Platform: Hardware
Title: RSA Key Manager Appliance Session Handling Local Security
Bypass
Description: The RSA Key Manager Appliance is a hardware device
designed to simplify the installation and management of the RSA Key
Manager server. The device is exposed to a security bypass issue
because it fails to properly end a session when a user logs out. RSA
Key Manager Appliance 2.7 Service Pack 1 is vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/archive/1/520381
11.46.26 CVE: Not Available
Platform: Hardware
Title: DreamBox DM800 “file” Parameter Local File Disclosure
Description: The DreamBox is a Linux-based DVB satellite and digital
cable decoder. DreamBox DM800 is exposed to a local file disclosure
issue because it fails to adequately validate user-supplied input to
the “file” parameter of an unspecified script. DreamBox DM800 versions
1.5rc1 and prior are affected.
Ref: http://www.securityfocus.com/bid/50520/info