Weekly Vulnerabilities Reports > September 20 to 26, 2010

Overview

5 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 16 products from 9 vendors including Opensuse, Canonical, Linux, Suse, and Vmware. Vulnerabilities are notably categorized as "Use After Free", "Off-by-one Error", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Memory Leak".

  • 2 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Opensuse has the most reported vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

3 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2010-09-24 | CVE-2010-1773 | Google, Redhat, Canonical, Opensuse, Fedoraproject | Off-by-one Error vulnerability in multiple products | 8.8

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

2010-09-24 | CVE-2010-1772 | Google, Redhat, Canonical, Opensuse, Fedoraproject | Use After Free vulnerability in multiple products | 8.8

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

2010-09-24 | CVE-2010-3081 | Linux, Vmware, Suse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 7.8

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

2 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2010-09-21 | CVE-2010-3078 | Linux, Opensuse, Suse, Canonical, Vmware | Information Exposure vulnerability in multiple products | 5.5

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

2010-09-21 | CVE-2010-2942 | Linux, Canonical, Opensuse, Suse, Avaya, Vmware | Memory Leak vulnerability in multiple products | 5.5

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS