@RISK Newsletter for December 15, 2011
The consensus security vulnerability alert.
Vol. 11, Num. 51
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
Archived issues may be found at the SANS @RISK Newletter Archive.
Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
— | —
Windows 5 (#2)
Microsoft Office 5
Other Microsoft Products 2 (#4)
Third Party Windows Apps 3
Linux 2
Cross Platform | 5 (#1,#3)
Web Application - Cross Site Scripting | 2
Web Application 1
Hardware 1
Part I – Critical Vulnerabilities from TippingPoint ( www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Adobe Reader Unspecified Vulnerability
(2) HIGH: Microsoft Multiple Products Multiple Security Vulnerabilities
(3) MEDIUM: Apple QuickTime Font Table Signed Length Vulnerability
(4) MEDIUM: HP OpenView Network Node Manager Heap Buffer Overflow
Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys
Windows
11.51.1 - Microsoft Windows Kernel Local Privilege Escalation
11.51.2 - Microsoft Windows Time Component Remote Code Execution
11.51.3 - Microsoft Windows CSRSS Local Privilege Escalation
11.51.4 - Microsoft Windows OLE Property Remote Code Execution
11.51.5 - Microsoft Active Directory Buffer Overflow
Microsoft Office
11.51.6 - Microsoft Publisher Multiple Vulnerabilities
11.51.7 - Microsoft Excel Remote Code Execution
11.51.8 - Microsoft PowerPoint DLL Loading Arbitrary Code Execution
11.51.9 - Microsoft Word Access Violation Remote Code Execution
11.51.10 - Microsoft Pinyin IME Local Privilege Escalation
Other Microsoft Products
11.51.11 - Microsoft Internet Explorer Cross-Domain Information Disclosure
11.51.12 - Microsoft Windows Media Player And Media Center “.dvr-ms” Files Remote Code Execution
Third Party Windows Apps
11.51.13 - Winamp Multiple Integer Overflow Vulnerabilities
11.51.14 - zFTPServer “rmdir” Command Directory Traversal
11.51.15 - SafeNet Sentinel HASP and 7T IGSS Unspecified HTML Injection
Linux
11.51.16 - Red Hat Network Satellite Server Description Field HTML Injection
11.51.17 - ISC DHCP Regular Expressions Denial of Service
Cross Platform
11.51.18 - Foxit Reader Unspecified Memory Corruption
11.51.19 - Asterisk SIP “automon” NULL Pointer Dereference Denial Of Service
11.51.20 - PuTTY SSH keyboard Interactive Authentication Password Information Disclosure
11.51.21 - Schneider Electric PowerChute Business Edition Unspecified Cross-Site Scripting
11.51.22 - Opera Web Browser Multiple Denial of Service and Unspecified Vulnerabilities
Web Application - Cross Site Scripting
11.51.23 - Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
11.51.24 - phpWebSite Unspecified Cross-Site Scripting
Web Application
11.51.25 - vtiger CRM Leads Module Security Bypass
Hardware
11.51.26 - Restorepoint Insecure File Permissions Local Privilege Escalation
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process
(1) HIGH: Adobe Reader Unspecified Vulnerability
Affected:
Adobe Reader X (10.1.1) and earlier
Adobe Reader 9.4.6 and earlier
Description: Researchers claim to have identified an unspecified and
unpatched vulnerability in Adobe Reader. They have posted a video
demonstrating the exploit. By enticing a target to view a malicious
file, an attacker can exploit either of these vulnerabilities in order
to execute arbitrary code on a target’s machine.
Status: vendor not confirmed, updates not available
References:
Vendor Site
http://www.adobe.com
Neohapsis Archives
http://archives.neohapsis.com/archives/dailydave/2011-q4/0081.html
(2) HIGH: Microsoft Multiple Products Multiple Security Vulnerabilities
Affected:
Excel 2003 Service Pack 3
Office 2004 for Mac
Office 2007 Service Pack 1, 2, and 3
PowerPoint 2007 Service Pack 2
PowerPoint 2010
Publisher 2003 Service Pack 2 and 3
Windows 7 Server Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2008 Service Pack 2
Windows Vista Service Pack 2
Windows XP Media Center Edition 2005 Service Pack 3
Windows XP Service Pack 2 and 3
Description: Microsoft has released patches for security vulnerabilities
affecting multiple products. Microsoft Publisher 2003 has been patched
to address four vulnerabilities in its code for parsing Publisher files:
a function overwrite vulnerability, an out-of-bounds array index
vulnerability, an invalid pointer vulnerability, and an unspecified
memory corruption vulnerability. A patch for Microsoft Word addresses a
use-after-free vulnerability in its code responsible for handling Word
files. Microsoft Time has been patched to address an unspecified
security vulnerability. The patch for OLE is for an unspecified
vulnerability. Microsoft PowerPoint has been patched to address an
unspecified vulnerability in its handling of OfficeArt Shapes within
specially crafted PowerPoint files. Windows itself has been patched to
properly handle TrueType fonts. The patch for Microsoft Excel addresses
an unspecified vulnerability in Excel’s handling of Records. Windows
Media Player DVR-MS has been patched to address an unspecified
vulnerability in its handling of .dvr-ms (Microsoft Digital Video
Recording) files. Except for the vulnerability in the Microsoft Time
component, all of these vulnerabilities can be exploited by enticing a
target to open a malicious file. The vulnerability in the Microsoft Time
component can be exploited by enticing the target to view a malicious
web site. An attacker can exploit any of these vulnerabilities in order
to execute arbitrary code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.microsoft.com
Microsoft Security Vulnerabilities
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
http://technet.microsoft.com/en-us/security/bulletin/ms11-088
http://technet.microsoft.com/en-us/security/bulletin/ms11-089
http://technet.microsoft.com/en-us/security/bulletin/ms11-091
http://technet.microsoft.com/en-us/security/bulletin/ms11-092
http://technet.microsoft.com/en-us/security/bulletin/ms11-094
http://technet.microsoft.com/en-us/security/bulletin/ms11-096
http://technet.microsoft.com/en-us/security/bulletin/ms11-097
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-11-346/
http://www.zerodayinitiative.com/advisories/ZDI-11-347/
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/50090
http://www.securityfocus.com/bid/50943
http://www.securityfocus.com/bid/50949
http://www.securityfocus.com/bid/50950
http://www.securityfocus.com/bid/50954
http://www.securityfocus.com/bid/50955
http://www.securityfocus.com/bid/50956
http://www.securityfocus.com/bid/50964
http://www.securityfocus.com/bid/50967
http://www.securityfocus.com/bid/50972
(3) MEDIUM: Apple QuickTime Font Table Signed Length Vulnerability
Affected:
Apple QuickTime Player prior to 7.7.1
Description: Apple has released patches addressing multiple security
vulnerabilities in its QuickTime media player. The vulnerabilities
include integer overflow vulnerabilities in in Apple Quicktime’s
handling of PICT files, JPEG2000 encoded movie files, and font names
embedded within QuickTime atoms; buffer overflows in QuickTime’s
handling of FlashPix files, FLC files, FLIC files, RLE-encoded movie
files, and movie files encoded with the H.264 codec; an uninitialized
memory access issue in QuickTime’s code responsible for handling URL
data handlers in movie files; an unspecified implementation issue
handling atom hierarchies within a movie file; and unspecified memory
corruption issues in QuickTime’s handling of movie files, including the
TKHD atoms in QuickTime movie files. By enticing a target to view a
malicious file, an attacker can exploit these vulnerabilities in order
to execute arbitrary code on a target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.apple.com
Apple Security Bulletin
http://support.apple.com/kb/HT5016
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-340/
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/50068
http://www.securityfocus.com/bid/50100
http://www.securityfocus.com/bid/50101
http://www.securityfocus.com/bid/50122
http://www.securityfocus.com/bid/50127
http://www.securityfocus.com/bid/50130
http://www.securityfocus.com/bid/50131
http://www.securityfocus.com/bid/50399
http://www.securityfocus.com/bid/50400
http://www.securityfocus.com/bid/50401
http://www.securityfocus.com/bid/50403
http://www.securityfocus.com/bid/50404
(4) MEDIUM: HP OpenView Network Node Manager Heap Buffer Overflow
Affected:
Description: HP has released a patch for Network Node Manager, its
configuration management software. By sending a malicious request to the
nnmRptConfig.exe CGI program, an attacker can send a crafted nameParams
parameter in order to trigger a heap buffer overflow. The attacker will
then have the ability to execute arbitrary code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.hp.com
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-348/
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51049
Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys
This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12814 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
11.51.1 CVE: CVE-2011-2018
Platform: Windows
Title: Microsoft Windows Kernel Local Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. Specifically, the
issue arises when the kernel accesses an object that has not
been properly initialized. All supported 32-bit editions of Windows
XP, Windows Server 2003, Windows Vista, Windows Server 2008 and
Windows 7 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-098
11.51.2 CVE: CVE-2011-3397
Platform: Windows
Title: Microsoft Windows Time Component Remote Code Execution
Description: Microsoft Windows is exposed to a remote code execution
issue that affects the Microsoft Time component. The issue can be
exploited to corrupt the system state allowing code execution when the
binary behavior is used in Internet Explorer. All supported editions of
Microsoft Windows are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-090
11.51.3 CVE: CVE-2011-3408
Platform: Windows
Title: Microsoft Windows CSRSS Local Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that affects the Client/Server Run-time Subsystem.
Specifically, the issue occurs in the “csrss.dll” file because of
improper validation of permissions when a lower-integrity process
communicates a device event message to a higher-integrity process. All
supported releases Microsoft Windows are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-097
11.51.4 CVE: CVE-2011-3400
Platform: Windows
Title: Microsoft Windows OLE Property Remote Code Execution
Description: Microsoft Windows is exposed to a remote code execution
issue. Specifically, the issue occurs due to improper handling of OLE
objects in memory. All supported editions of Windows XP and Windows
Server 2003 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-093
11.51.5 CVE: CVE-2011-3406
Platform: Windows
Title: Microsoft Active Directory Buffer Overflow
Description: Microsoft Active Directory is an LDAP implementation
distributed with multiple Windows operating systems. The application
is exposed to a buffer overflow issue. Specifically, the issue
occurs when Active Directory processes a specially crafted query and
attempts to access the contents of a memory buffer that has not been
properly initialized. Active Directory, ADAM and AD LDS when installed
on supported editions of Windows XP, Windows Server 2003, Windows Vista,
Windows Server 2008 (except Itanium), Windows 7 and Windows Server 2008 R2
(except Itanium) are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-095
11.51.6 CVE: CVE-2011-3412,CVE-2011-3411, CVE-2011-3410,CVE-2011-1508
Platform: Microsoft Office
Title: Microsoft Publisher Multiple Vulnerabilities
Description: Microsoft Publisher is a desktop publishing application.
The application is exposed to multiple issues. See reference for
detailed information. All supported editions of Microsoft Publisher
2003 and Microsoft Publisher 2007 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms11-091
11.51.7 CVE: CVE-2011-3403
Platform: Microsoft Office
Title: Microsoft Excel Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue. Specifically, the issue occurs when the
application incorrectly handles objects in memory. All supported
editions of Microsoft Excel 2003 and Microsoft Office 2004 for Mac are
affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-096
11.51.8 CVE: CVE-2011-3396,CVE-2011-3413
Platform: Microsoft Office
Title: Microsoft PowerPoint Remote Code Execution
Description: Microsoft PowerPoint is a presentation application. The
application is exposed to multiple issues. See reference for detailed
information. Microsoft PowerPoint 2007 Service Pack 2, Microsoft
PowerPoint 2010, Microsoft Office 2008 for Mac, Microsoft Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Service Pack 2 and Microsoft PowerPoint Viewer 2007 Service Pack 2 are
affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-094
http://www.securityfocus.com/bid/50967/references
11.51.9 CVE: CVE-2011-1983
Platform: Microsoft Office
Title: Microsoft Word Access Violation Remote Code Execution
Description: Microsoft Word is a word processor available for multiple
platforms. The application is exposed to a remote code execution
issue. This issue is due to an access violation error when handling a
specially crafted Word file. All supported editions of Microsoft
Office 2007, Microsoft Office 2010 and Microsoft Office for Mac 2011.
are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms11-089
11.51.10 CVE: CVE-2011-2010
Platform: Microsoft Office
Title: Microsoft Pinyin IME Local Privilege Escalation
Description: Microsoft Pinyin IME is allows a user to
input Chinese characters by entering the pinyin of a Chinese character
and then presents the user with a list of possible characters with
that pronunciation. The application is exposed to a local
privilege escalation issue that affects Microsoft Office IME (Chinese)
because it improperly exposes configuration options not designed to
run on the secure desktop. All supported editions of Microsoft Office
2010 where Microsoft Pinyin IME 2010 is installed, Microsoft Office
Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New
Experience Style 2010 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms11-088
11.51.11 CVE: CVE-2011-3404
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Cross-Domain Information Disclosure
Description: Microsoft Internet Explorer is a web browser for Windows
platforms. The application is exposed to a cross-domain information
disclosure issue. This issue occurs because the application fails to
properly enforce the content settings supplied by the Web server.
Internet Explorer 6 on all supported editions of Windows XP, Internet
Explorer 7, Internet Explorer 8 and Internet Explorer 9 on Windows
clients and Internet Explorer on Windows servers are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-099
11.51.12 CVE: CVE-2011-3401
Platform: Other Microsoft Products
Title: Microsoft Windows Media Player And Media Center “.dvr-ms” Files
Remote Code Execution
Description: Microsoft Windows Media Player and Windows Media Center
are multimedia applications available for the Windows operating
system. The applications are exposed to a remote code execution issue
when handling specially crafted “.dvr-ms” media files. Windows XP
(including Windows XP Media Center Edition 2005) and all supported
editions of Windows Vista and Windows 7 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS11-092
11.51.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winamp Multiple Integer Overflow Vulnerabilities
Description: Winamp is a multiform media player for Microsoft Windows
platforms. The application is exposed to multiple integer overflow
issues in the “in_avi.dll” file. An integer overflow issue occurs when
allocating memory using the number of stream headers. An attacker can
trigger a heap overflow by enticing an unsuspecting user to open a
specially crafted AVI file. An integer overflow issue occurs when
parsing the “RIFF INFO” chunk included in an AVI file. An attacker can
exploit this issue by enticing an unsuspecting victim to open a specially
crafted AVI file. An integer overflow issue occurs when parsing song
message data included in an Impulse Tracker file. Winamp versions prior
to 5.623 are vulnerable.
Ref: http://forums.winamp.com/showthread.php?t=332010
http://www.securityfocus.com/archive/1/520827
11.51.14 CVE: CVE-2011-4717
Platform: Third Party Windows Apps
Title: zFTPServer “rmdir” Command Directory Traversal
Description: zFTPServer is a file transfer server for Microsoft
Windows. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize directory traversal strings
(..) passed to the “rmdir” command. zFTPServer 6.0.0.52 is vulnerable
and prior versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/520822
http://www.securityfocus.com/bid/51018/references
11.51.15 CVE: CVE-2011-3339
Platform: Third Party Windows Apps
Title: SafeNet Sentinel HASP and 7T IGSS Unspecified HTML Injection
Description: Sentinel HASP is a digital license manager. 7T IGSS is an
application using the SafeNet Sentinel HASP SDK for its digital
license manager to enable its software products. The applications are
exposed to an HTML injection issue because they fail to properly
sanitize user-supplied input. Specifically, attackers can craft and
inject HTML code into the configuration file. Sentinel HASP SDK prior
to 5.11, Sentinel HASP Run-time prior to 6.x and 7 Technologies (7T)
IGSS 7 are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/
11.51.16 CVE: CVE-2011-4346
Platform: Linux
Title: Red Hat Network Satellite Server Description Field HTML
Injection
Description: The Red Hat Network Satellite Server is a server
application that allows users to perform Red Hat Network updates on
computers not directly attached to the Internet. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the asset tag/key in the “Description”
field. Red Hat Network Satellite Server version 5.4 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=742050
http://www.securityfocus.com/bid/50963/references
http://rhn.redhat.com/errata/RHSA-2011-1794.html
11.51.17 CVE: CVE-2011-4539
Platform: Linux
Title: ISC DHCP Regular Expressions Denial of Service
Description: ISC DHCP is a reference implementation of the DHCP
protocol and includes a DHCP server, client, and relay agent. The
application is exposed to a denial of service issue. Specifically, the
application crashes when processing a crafted evaluated regular
expression. ISC DHCP versions prior to 4.1-ESV-R4 and 4.2.3-P1 are
affected.
Ref: https://www.isc.org/software/dhcp/advisories/cve-2011-4539
11.51.18 CVE: Not Available
Platform: Cross Platform
Title: Foxit Reader Unspecified Memory Corruption
Description: Foxit Reader is a secure PDF reader. The application is
exposed to an unspecified memory corruption issue. Foxit Reader
5.1.0.1021 and prior versions are vulnerable.
Ref:
http://www.foxitsoftware.com/Secure_PDF_Reader/security_bulletins.php#termination
11.51.19 CVE: Not Available
Platform: Cross Platform
Title: Asterisk SIP “automon” NULL Pointer Dereference Denial Of
Service
Description: Asterisk is a private branch exchange application
available for Linux, BSD and Mac OSX platforms. The server is
exposed to a remote denial of service issue caused by a
NULL pointer dereference error. Specifically, the issue occurs because
the server fails to properly handle malicious session initiation
protocol requests when the “automon” feature is enabled in the
“features.conf” file. Asterisk versions 1.8.x prior to 1.8.7.2 and
1.6.2.x prior to 1.6.2.21 are affected.
Ref: http://downloads.asterisk.org/pub/security/AST-2011-014.html
11.51.20 CVE: Not Available
Platform: Cross Platform
Title: PuTTY SSH keyboard Interactive Authentication Password
Information Disclosure
Description: PuTTY is a free Telnet and SSH client. The
application is exposed to an information disclosure issue.
Specifically, this issue occurs because the application fails to
properly clean the replies typed by the user from memory during
keyboard interactive authentication. PuTTY versions 0.59 through 0.61
are vulnerable.
Ref:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
11.51.21 CVE: CVE-2011-4263
Platform: Cross Platform
Title: Schneider Electric PowerChute Business Edition Unspecified
Cross-Site Scripting
Description: PowerChute Business Edition from Schneider Electric is an
application for power management. This application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input submitted to unspecified vectors. PowerChute
Business Edition versions prior to 8.5 are vulnerable.
Ref: http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
http://www.securityfocus.com/bid/51022/references
11.51.22 CVE: CVE-2011-4687,CVE-2011-4686, CVE-2011-4685,CVE-2011-4684
Platform: Cross Platform
Title: Opera Web Browser Multiple Denial of Service and Unspecified
Vulnerabilities
Description: Opera is a Web browser available for multiple platforms.
The application is exposed to multiple issues. An unspecified issue
occurs because the application fails to properly handle certificate
revocation. A denial of service issue occurs in the Web Workers
implementation. Multiple unspecified denial of service issues exist.
Versions prior to Opera Web Browser 11.60 are vulnerable.
Ref: http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.securityfocus.com/bid/51027/references
11.51.23 CVE: CVE-2011-4368,CVE-2011-2463
Platform: Web Application - Cross Site Scripting
Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
Description: Adobe ColdFusion is an application for developing
web sites. The application is exposed to two cross-site scripting
issues. See detailed information in reference. ColdFusion 9.0.1, 9.0,
8.0.1 and 8.0 for Windows, Macintosh and UNIX are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb11-29.html
11.51.24 CVE: CVE-2011-4265
Platform: Web Application - Cross Site Scripting
Title: phpWebSite Unspecified Cross-Site Scripting
Description: phpWebSite is a web-based content manager. The
application is exposed to an unspecified cross-site scripting issue
because it fails to sanitize user-supplied input. phpWebSite versions
prior to 1.0.0 are vulnerable.
Ref: http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000103.html
http://www.securityfocus.com/bid/51026/references
11.51.25 CVE: CVE-2011-4679
Platform: Web Application
Title: vtiger CRM Leads Module Security Bypass
Description: vtiger CRM is a PHP-based customer relationship
management application. The application is exposed to a
security bypass issue because it fails to properly
recognize the disabled status of a field in the Leads module. Versions
prior to vtiger CRM 5.3.0 are vulnerable.
Ref: http://wiki.vtiger.com/index.php/Oct2011:ODUpdate
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003
http://www.securityfocus.com/bid/51024/references
11.51.26 CVE: CVE-2011-4202
Platform: Hardware
Title: Restorepoint Insecure File Permissions Local Privilege
Escalation
Description: Restorepoint is a network appliance backup and disaster
recovery system. The application is exposed to a local privilege
escalation issue because of an insecure file permission error.
Specifically, this issue occurs because certain scripts running with
root privileges have insecure permissions, which allow local attackers
to modify them. Restorepoint 3.2 is affected and other versions may
also be vulnerable.
Ref: https://www.trustmatta.com/advisories/MATTA-2011-003.txt
http://www.securityfocus.com/bid/50991/references