Weekly Vulnerabilities Reports > October 19 to 25, 2009

Overview

112 new vulnerabilities were reported during this period, including 32 critical and 14 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 73 products from 51 vendors, including Oracle, Adobe, Linux, Poppler, and Glyphandcog. The vulnerabilities are notably categorized as "Numeric Errors", "Resource Management Errors", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 96 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 36 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 18 reported vulnerabilities.

[Summary chart (counts not preserved in this copy): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


32 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-23 CVE-2009-2281 Osgeo, UMN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow.

10.0
2009-10-22 CVE-2009-3403 Oracle Unspecified vulnerability in Oracle BEA Product Suite R27.6.4

Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK 1.4.2, 5, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2009-10-22 CVE-2009-1992 Oracle, Microsoft Remote Core RDBMS vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4/9.2.0.8

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2009-10-22 CVE-2009-1985 Oracle Remote Network Authentication vulnerability in Oracle Database

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2009-10-22 CVE-2009-1979 Oracle Remote Buffer Overflow vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2009-10-22 CVE-2008-3685 EMC Path Traversal vulnerability in EMC Documentum Applicationxtender Workflow Manager

Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to TCP port 2606.

10.0
2009-10-22 CVE-2008-3684 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Documentum Applicationxtender

Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606.

10.0
2009-10-21 CVE-2009-3608 Foolabs, Glyphandcog, Poppler, Glyph AND COG, Gnome, KDE, Tetex Numeric Errors vulnerability in multiple products

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

9.3
2009-10-21 CVE-2009-3607 Poppler Numeric Errors vulnerability in Poppler

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

9.3
2009-10-21 CVE-2009-3606 Foolabs, Glyphandcog, Poppler, KDE Numeric Errors vulnerability in multiple products

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

9.3
2009-10-21 CVE-2009-3604 Gnome, KDE, Foolabs, Glyphandcog, Poppler Resource Management Errors vulnerability in multiple products

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

9.3
2009-10-21 CVE-2009-3603 Foolabs, Glyphandcog, Poppler Numeric Errors vulnerability in multiple products

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

9.3
2009-10-19 CVE-2009-3461 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.

9.3
2009-10-19 CVE-2009-3460 Adobe Resource Management Errors vulnerability in Adobe Acrobat

Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-3458 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.

9.3
2009-10-19 CVE-2009-2998 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.

9.3
2009-10-19 CVE-2009-2997 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2996 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.

9.3
2009-10-19 CVE-2009-2994 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2993 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file.

9.3
2009-10-19 CVE-2009-2991 Adobe Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.

9.3
2009-10-19 CVE-2009-2990 Adobe Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2989 Adobe Numeric Errors vulnerability in Adobe Acrobat

Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2986 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2985 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.

9.3
2009-10-19 CVE-2009-2984 Adobe Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

9.3
2009-10-19 CVE-2009-2983 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-2982 Adobe Cryptographic Issues vulnerability in Adobe Acrobat and Acrobat Reader

An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.

9.3
2009-10-19 CVE-2009-2981 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.

9.3
2009-10-19 CVE-2009-2980 Adobe Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

9.3
2009-10-19 CVE-2009-3546 Libgd, PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293.

9.3
2009-10-19 CVE-2009-2970 Uitv, Baidu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.

9.3

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-23 CVE-2009-3616 Qemu Resource Management Errors vulnerability in Qemu

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.

8.5
2009-10-19 CVE-2009-3613 Linux Resource Management Errors vulnerability in Linux Kernel

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.

7.8
2009-10-20 CVE-2009-3617 Tatsuhiro Tsujikawa Use of Externally-Controlled Format String vulnerability in Tatsuhiro Tsujikawa Aria2

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI.

7.6
2009-10-22 CVE-2009-3760 Citrix Code Injection vulnerability in Citrix Xencenterweb

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter.

7.5
2009-10-22 CVE-2009-3758 Citrix SQL Injection vulnerability in Citrix Xencenterweb

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-10-22 CVE-2009-3754 Kreotek SQL Injection vulnerability in Kreotek PHPbms 0.96

Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.

7.5
2009-10-22 CVE-2009-3753 Opial Improper Input Validation vulnerability in Opial 1.0

Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.

7.5
2009-10-22 CVE-2009-3752 Opial SQL Injection vulnerability in Opial 1.0

SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.

7.5
2009-10-22 CVE-2009-3750 Santostefano Giovanni SQL Injection vulnerability in Santostefano Giovanni Toylog 0.1

SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.

7.5
2009-10-22 CVE-2009-2943 Ocaml, Postgresql Remote Security vulnerability in Ocaml Postgresql-Ocaml 1.12.1/1.5.4/1.7.0

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

7.5
2009-10-22 CVE-2009-2942 Mysql Ocaml, Mysql Remote Security vulnerability in Mysql-Ocaml 1.0.4

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

7.5
2009-10-22 CVE-2009-2940 Pygresql, Python Remote Security vulnerability in Pygresql 3.8.1/4.0

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

7.5
2009-10-22 CVE-2009-1479 Boxalino Path Traversal vulnerability in Boxalino

Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a ..

7.5
2009-10-20 CVE-2009-3296 Gallium Inria Numeric Errors vulnerability in Gallium.Inria Camlimages 2.2

Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.

7.5

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-23 CVE-2009-3767 Openldap, Openssl Cryptographic Issues vulnerability in Openldap

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2009-10-23 CVE-2009-3766 Mutt, Openssl Cryptographic Issues vulnerability in Mutt 1.5.16/1.5.17/1.5.18

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.8
2009-10-23 CVE-2009-3765 Mutt, Openssl Cryptographic Issues vulnerability in Mutt 1.5.19/1.5.20

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2009-10-22 CVE-2009-2001 Oracle Remote PL/SQL vulnerability in Oracle Database

Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2009-10-22 CVE-2009-1994 Oracle Remote Oracle Spatial vulnerability in Oracle Database Server 10.1.0.5

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK.

6.5
2009-10-22 CVE-2009-1007 Oracle Remote Data Mining vulnerability in Oracle Database Server 10.2.0.4

Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.

6.5
2009-10-22 CVE-2009-3759 Citrix Cross-Site Request Forgery (CSRF) vulnerability in Citrix Xencenterweb

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php.

6.0
2009-10-22 CVE-2009-3400 Oracle Oracle Advanced Benefits Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1

Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2009-10-22 CVE-2009-1993 Oracle Application Express Unspecified vulnerability in Oracle Database Server 3.0.1

Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.

5.5
2009-10-22 CVE-2009-1964 Oracle Remote Workspace Manager vulnerability in Oracle Database Server 10.2.0.4

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2009-10-22 CVE-2009-1018 Oracle Workspace Manager Unspecified vulnerability in Oracle Database Server 10.2.0.4

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC).

5.5
2009-10-22 CVE-2009-3392 Oracle Remote vulnerability in Oracle E-Business Suite 6.1.0.0

Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.4
2009-10-22 CVE-2009-1965 Oracle, Microsoft Remote Net Foundation Layer vulnerability in Oracle Database

Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.4
2009-10-22 CVE-2009-3408 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.1
2009-10-19 CVE-2009-3462 Adobe Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."

Per http://www.adobe.com/support/security/bulletins/apsb09-15.html: this update resolves a Unix-only format bug when running in Debug mode that could lead to arbitrary code execution. Updates are available at the following locations:

  • Adobe Reader on Windows: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
  • Adobe Reader on Macintosh: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
  • Adobe Reader on UNIX: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
  • Acrobat Standard and Pro on Windows: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
  • Acrobat Pro Extended on Windows: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
  • Acrobat 3D on Windows: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
  • Acrobat Pro on Macintosh: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

5.1
2009-10-22 CVE-2009-3395 Oracle Remote AutoVue vulnerability in Oracle E-Business Suite 19.3.2

Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors.

5.0
2009-10-22 CVE-2009-2000 Oracle Remote Authentication vulnerability in Oracle Database Server 11.1.0.7

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2009-10-22 CVE-2009-1997 Oracle Remote Authentication vulnerability in Oracle Database

Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2009-10-22 CVE-2009-3756 Kreotek Information Exposure vulnerability in Kreotek PHPbms 0.96

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.

5.0
2009-10-22 CVE-2009-3749 Websense Remote Denial of Service vulnerability in Websense Email Security and Personal Email Manager

The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.

5.0
2009-10-22 CVE-2009-3744 EMC Remote Denial of Service vulnerability in EMC Replistor 6.3.1.3

rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144.

5.0
2009-10-20 CVE-2009-3615 Adium, Pidgin Resource Management Errors vulnerability in multiple products

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

5.0
2009-10-19 CVE-2006-6404 Innovationdp Denial-Of-Service vulnerability in Innovationdp Fdr/Upstream 3

INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap.

5.0
2009-10-22 CVE-2009-1998 Oracle Remote vulnerability in Oracle Communications Order and Service Management

Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2009-10-22 CVE-2009-1995 Oracle Remote Advanced Queuing vulnerability in Oracle Database

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.

4.9
2009-10-22 CVE-2009-3621 Linux, Canonical, Fedoraproject, Opensuse, Suse, Vmware Resource Exhaustion vulnerability in multiple products

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

4.9
2009-10-22 CVE-2009-3620 Linux Improper Input Validation vulnerability in Linux Kernel

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

4.9
2009-10-20 CVE-2009-2909 Linux Numeric Errors vulnerability in Linux Kernel

Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.

4.9
2009-10-19 CVE-2005-4881 Linux Information Exposure vulnerability in Linux Kernel

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

4.9
2009-10-23 CVE-2009-1297 Novell, Opensuse Link Following vulnerability in multiple products

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

4.4
2009-10-23 CVE-2009-3622 Wordpress Cryptographic Issues vulnerability in Wordpress

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.

4.3
2009-10-22 CVE-2009-3407 Oracle Remote Portal vulnerability in Oracle Application Server 10.1.2.3/10.1.4.2

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.

4.3
2009-10-22 CVE-2009-3399 Oracle Remote WebLogic Server vulnerability in Oracle BEA Product Suite 7.0.6

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console.

4.3
2009-10-22 CVE-2009-3397 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 12.0.6/12.1.1

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.

4.3
2009-10-22 CVE-2009-3396 Oracle HTML Injection vulnerability in Oracle WebLogic Server Administration Console

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console.

4.3
2009-10-22 CVE-2009-3393 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-10-22 CVE-2009-2002 Oracle Remote Unspecified vulnerability in Oracle WebLogic Portal

Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-10-22 CVE-2009-1999 Oracle Remote vulnerability in Oracle Business Intelligence Enterprise Edition

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.

4.3
2009-10-22 CVE-2009-3757 Citrix Cross-Site Scripting vulnerability in Citrix Xencenterweb

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php.

4.3
2009-10-22 CVE-2009-3755 Kreotek Cross-Site Scripting vulnerability in Kreotek PHPbms 0.96

Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\.

4.3
2009-10-22 CVE-2009-3751 Opial Cross-Site Scripting vulnerability in Opial 1.0

Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.

4.3
2009-10-22 CVE-2009-3748 Websense Cross-Site Scripting vulnerability in Websense Personal Email Manager and Websense Email Security

Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskFilter.asp and viewHeaders.asp in web/msgList/viewmsg/; and (11) the subject in an e-mail message that is held in a Queue.

4.3
2009-10-22 CVE-2009-3747 Tbmnet Cross-Site Scripting vulnerability in Tbmnet Tbmnetcms 1.0

Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.

4.3
2009-10-22 CVE-2009-3745 IBM Cross-Site Scripting vulnerability in IBM Rational Appscan 5.5.0.2

Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2009-10-21 CVE-2009-3609 Foolabs, Glyphandcog, Poppler, Glyph AND COG, Gnome, KDE Numeric Errors vulnerability in multiple products

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

4.3
2009-10-20 CVE-2009-3730 IBM Cross-Site Scripting vulnerability in IBM Rational Requisitepro 7.1.0

Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.

4.3
2009-10-19 CVE-2009-2995 Adobe Numeric Errors vulnerability in Adobe Acrobat

Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.

4.3
2009-10-19 CVE-2009-2992 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.

4.3
2009-10-19 CVE-2009-2988 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.

4.3
2009-10-19 CVE-2009-2987 Adobe Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.

4.3
2009-10-19 CVE-2009-2979 Adobe Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.

4.3
2009-10-22 CVE-2009-3405 Oracle Remote JD Edwards Tools vulnerability in Oracle JD Edwards Tools

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors.

4.1
2009-10-22 CVE-2009-3404 Oracle Remote vulnerability in Oracle PeopleSoft PeopleTools & Enterprise Portal

Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-22 CVE-2009-3409 Oracle Remote vulnerability in Oracle PeopleSoft Enterprise Human Capital Management

Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

3.6
2009-10-22 CVE-2009-1991 Oracle Remote SQL Injection vulnerability in Oracle Database Text Component 'ctxsys.drvxtabc.create_tables'

Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC.

3.6
2009-10-22 CVE-2009-1971 Oracle Remote Data Pump vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/11.1.0.7

Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.

3.5
2009-10-22 CVE-2009-3406 Oracle JD Edwards Tools Unspecified vulnerability in Oracle JD Edwards EnterpriseOne

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors.

2.7
2009-10-22 CVE-2009-3402 Oracle Remote Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors.

2.1
2009-10-22 CVE-2009-1972 Oracle Remote Auditing vulnerability in Oracle Database

Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.

2.1
2009-10-20 CVE-2009-2910 Linux, Suse, Opensuse, Canonical, Redhat, Fedoraproject Information Exposure vulnerability in multiple products

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

2.1
2009-10-19 CVE-2009-3612 Linux, Opensuse, Suse, Canonical, Fedoraproject Information Exposure vulnerability in multiple products

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

2.1
2009-10-19 CVE-2009-3228 Linux, Canonical, Redhat Missing Initialization of Resource vulnerability in multiple products

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

2.1
2009-10-22 CVE-2009-3746 SUN Configuration vulnerability in SUN Solaris 10

XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.

1.9
2009-10-22 CVE-2009-2911 Systemtap Permissions, Privileges, and Access Controls vulnerability in Systemtap 1.0

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.

1.9
2009-10-22 CVE-2009-3401 Oracle Local Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.

1.7
2009-10-22 CVE-2009-1990 Oracle Unspecified vulnerability in Oracle Application Server 10.1.3.4.1

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.

1.7