Weekly Vulnerabilities Reports > September 27 to October 3, 2010
Overview
18 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 45 products from 20 vendors including Linux, Canonical, Suse, Drupal, and Peter Wolanin. Vulnerabilities are notably categorized as "Path Traversal", "Improper Authentication", "Information Exposure", "Use of Externally-Controlled Format String", and "Permissions, Privileges, and Access Controls".
- 11 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-30 | CVE-2010-2943 | Linux Canonical Vmware Avaya | Information Exposure vulnerability in multiple products The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. | 8.1 |
2010-09-29 | CVE-2010-3688 | Netartmedia | Path Traversal vulnerability in Netartmedia Websiteadmin Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter. | 7.5 |
2010-09-30 | CVE-2010-2537 | Linux Canonical Suse | The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | 7.1 |
13 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-29 | CVE-2010-3380 | Llnl | Local Privilege Escalation vulnerability in SLURM 'slurm' and 'slurmdbd' The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . | 6.9 |
2010-09-28 | CVE-2010-3087 | Libtiff Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. | 6.8 |
2010-09-28 | CVE-2010-2950 | PHP | Use of Externally-Controlled Format String vulnerability in PHP Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. | 6.8 |
2010-09-28 | CVE-2010-3490 | Sangoma | Path Traversal vulnerability in Sangoma Freepbx Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. | 6.5 |
2010-09-30 | CVE-2010-3079 | Linux Canonical Suse | NULL Pointer Dereference vulnerability in multiple products kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. | 5.5 |
2010-09-30 | CVE-2010-2538 | Linux Canonical Suse | Information Exposure vulnerability in multiple products Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. | 5.5 |
2010-09-29 | CVE-2010-3687 | Alex Kellner Typo3 | Security Bypass vulnerability in Powermail Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation and have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields. | 5.0 |
2010-09-29 | CVE-2010-3686 | Drupal Peter Wolanin | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3685 | Drupal Peter Wolanin | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3468 | Blueriver | Path Traversal vulnerability in Blueriver Mura CMS and Sava CMS Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-09-29 | CVE-2010-3091 | Drupal Peter Wolanin | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-2530 | Netbsd Apple Freebsd | Numeric Errors vulnerability in multiple products Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. | 4.9 |
2010-09-29 | CVE-2010-2453 | Synology | Cross-Site Scripting vulnerability in Synology DSM Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-29 | CVE-2010-3684 | Synology | Credentials Management vulnerability in Synology DSM The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | 2.1 |
2010-09-28 | CVE-2010-3277 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | 2.1 |