Weekly Vulnerabilities Reports > October 4 to 10, 2010

Overview

85 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 42 products from 32 vendors including Adobe, IBM, Linux, Cmsmadesimple, and Dovecot. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Code Injection".

  • 74 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-05 CVE-2010-3761 IBM Code Injection vulnerability in IBM Tivoli Storage Manager Fastback

Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700.

10.0
2010-10-05 CVE-2010-3759 IBM Code Injection vulnerability in IBM Tivoli Storage Manager Fastback

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests.

10.0
2010-10-05 CVE-2010-3758 IBM Code Injection vulnerability in IBM Tivoli Storage Manager Fastback

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function.

10.0
2010-10-05 CVE-2010-3757 IBM OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string.

10.0
2010-10-05 CVE-2010-3754 IBM OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet.

10.0
2010-10-05 CVE-2010-3731 IBM Buffer Errors vulnerability in IBM DB2 9.5

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.

10.0
2010-10-06 CVE-2010-3658 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.

9.3
2010-10-06 CVE-2010-3632 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-3631 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

9.3
2010-10-06 CVE-2010-3630 Adobe Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

9.3
2010-10-06 CVE-2010-3629 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.

9.3
2010-10-06 CVE-2010-3628 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-3627 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.

9.3
2010-10-06 CVE-2010-3626 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.

9.3
2010-10-06 CVE-2010-3625 Adobe Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html 'This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-3625).'

9.3
2010-10-06 CVE-2010-3624 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.

9.3
2010-10-06 CVE-2010-3623 Adobe
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

9.3
2010-10-06 CVE-2010-3622 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-3621 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-3620 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.

9.3
2010-10-06 CVE-2010-3619 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-2890 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.

9.3
2010-10-06 CVE-2010-2889 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.

9.3
2010-10-06 CVE-2010-2888 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.

9.3
2010-10-06 CVE-2010-2887 Adobe Privilege Escalation vulnerability in Adobe Acrobat and Reader for Linux

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.

9.3

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-05 CVE-2010-3760 IBM Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data.

7.8
2010-10-08 CVE-2010-2797 Cmsmadesimple Path Traversal vulnerability in Cmsmadesimple CMS Made Simple

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-10-05 CVE-2010-3742 Dustincowell Code Injection vulnerability in Dustincowell Free Simple CMS 1.0

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.

7.5
2010-10-05 CVE-2010-3729 Google Integer Overflow OR Wraparound vulnerability in Google Chrome

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2010-10-05 CVE-2010-3307 Dustincowell Code Injection vulnerability in Dustincowell Free Simple CMS 1.0

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.

7.5
2010-10-08 CVE-2010-3889 Microsoft Unspecified vulnerability in Microsoft Windows

Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.

7.2
2010-10-08 CVE-2010-3888 Microsoft Unspecified vulnerability in Microsoft Windows

Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.

7.2
2010-10-05 CVE-2010-3733 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.

7.2

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-05 CVE-2010-2653 Linux Race Condition vulnerability in Linux Kernel

Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions.

6.9
2010-10-04 CVE-2010-3374 Nokia Unspecified vulnerability in Nokia QT Creator

Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-10-08 CVE-2010-3884 Cmsmadesimple Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password.

6.8
2010-10-08 CVE-2010-3883 Cmsmadesimple Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple

Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications.

6.8
2010-10-05 CVE-2010-3730 Google Remote Security vulnerability in Chrome

Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.

6.8
2010-10-04 CVE-2010-1822 Apple
Google
Opensuse
Incorrect Type Conversion OR Cast vulnerability in multiple products

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.

6.8
2010-10-04 CVE-2010-3437 Linux
Opensuse
Suse
Debian
Canonical
Null Pointer Dereference vulnerability in multiple products

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

6.6
2010-10-07 CVE-2010-1322 MIT Improper Input Validation vulnerability in MIT Kerberos 5

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

6.5
2010-10-05 CVE-2010-3753 Xelerance OS Command Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28

programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.

6.5
2010-10-05 CVE-2010-3752 Xelerance OS Command Injection vulnerability in Xelerance Openswan

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

6.5
2010-10-05 CVE-2010-3308 Xelerance Code Injection vulnerability in Xelerance Openswan 2.6.26/2.6.27/2.6.28

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field.

6.5
2010-10-05 CVE-2010-3302 Xelerance Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xelerance Openswan

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.

6.5
2010-10-07 CVE-2010-3692 Apereo Path Traversal vulnerability in Apereo PHPcas

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

6.4
2010-10-05 CVE-2010-3739 IBM Improper Authentication vulnerability in IBM DB2 Universal Database 9.5

The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

6.4
2010-10-06 CVE-2010-3781 Alvaro Herrera
Postgresql
Permissions, Privileges, and Access Controls vulnerability in Alvaro Herrera Pl/PHP

The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.

6.0
2010-10-06 CVE-2010-3433 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.

6.0
2010-10-04 CVE-2010-3315 Apache Configuration vulnerability in Apache Subversion

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

6.0
2010-10-06 CVE-2010-3707 Dovecot Permissions, Privileges, and Access Controls vulnerability in Dovecot

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.

5.5
2010-10-06 CVE-2010-3706 Dovecot Permissions, Privileges, and Access Controls vulnerability in Dovecot

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.

5.5
2010-10-08 CVE-2010-3088 Jianping YU
Pidgin
Code Injection vulnerability in Jianping YU Pidgin-Knotify 0.1/0.1.2/0.2.0

The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.

5.1
2010-10-08 CVE-2010-3743 Rene Tegel Path Traversal vulnerability in Rene Tegel Visual Synapse 0.50/1.0

Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a ..

5.0
2010-10-05 CVE-2010-3756 IBM Improper Input Validation vulnerability in IBM Tivoli Storage Manager Fastback

The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP.

5.0
2010-10-05 CVE-2010-3755 IBM Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback

The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet.

5.0
2010-10-05 CVE-2010-0218 ISC Permissions, Privileges, and Access Controls vulnerability in ISC Bind 9.7.2

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.

5.0
2010-10-05 CVE-2010-3738 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.

5.0
2010-10-05 CVE-2010-3734 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5

The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.

5.0
2010-10-04 CVE-2010-1623 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Apr-Util

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

5.0
2010-10-08 CVE-2010-2938 Linux
Redhat
Resource Management Errors vulnerability in Linux Kernel 2.6.18

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.

4.9
2010-10-05 CVE-2010-3741 RIM Cryptographic Issues vulnerability in RIM Blackberry Desktop Software

The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.

4.7
2010-10-04 CVE-2010-3442 Linux
Fedoraproject
Opensuse
Suse
Debian
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

4.7
2010-10-08 CVE-2010-3887 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Mail

The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.

4.3
2010-10-08 CVE-2010-3886 Microsoft Information Exposure vulnerability in Microsoft IE 8

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.

4.3
2010-10-08 CVE-2010-3882 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.

4.3
2010-10-07 CVE-2010-3697 Freeradius Resource Management Errors vulnerability in Freeradius

The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.

4.3
2010-10-07 CVE-2010-3696 Freeradius Resource Management Errors vulnerability in Freeradius 2.1.9

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option.

4.3
2010-10-07 CVE-2010-3690 Apereo Cross-Site Scripting vulnerability in Apereo PHPcas

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

4.3
2010-10-06 CVE-2010-3657 Adobe Denial of Service vulnerability in Adobe Acrobat and Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.

4.3
2010-10-06 CVE-2010-3656 Adobe Denial of Service vulnerability in Adobe Acrobat and Reader

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.

4.3
2010-10-06 CVE-2010-2367 Norenz Cross-Site Scripting vulnerability in Norenz Ad-Edit2 3.0.8

Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-10-05 CVE-2010-3763 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.

4.3
2010-10-05 CVE-2010-3762 ISC Improper Input Validation vulnerability in ISC Bind

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.

4.3
2010-10-06 CVE-2010-3780 Dovecot Unspecified vulnerability in Dovecot

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.

4.0
2010-10-05 CVE-2010-3740 IBM Resource Management Errors vulnerability in IBM DB2 9.5

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.

4.0
2010-10-05 CVE-2010-3736 IBM Resource Management Errors vulnerability in IBM DB2 9.5

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-06 CVE-2010-3779 Dovecot Permissions, Privileges, and Access Controls vulnerability in Dovecot

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.

3.5
2010-10-05 CVE-2010-3303 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.

3.5
2010-10-05 CVE-2010-3737 IBM Resource Management Errors vulnerability in IBM DB2 9.5

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.

3.5
2010-10-05 CVE-2010-3732 IBM Improper Input Validation vulnerability in IBM DB2 9.5

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.

3.5
2010-10-05 CVE-2010-2535 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

3.5
2010-10-07 CVE-2010-3691 Apereo Link Following vulnerability in Apereo PHPcas

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

3.3
2010-10-05 CVE-2010-3735 IBM Resource Management Errors vulnerability in IBM DB2 9.5

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.

2.1
2010-10-07 CVE-2010-3321 RSA Permissions, Privileges, and Access Controls vulnerability in RSA Authentication Client 2.0/3.0/3.5.1

RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests.

1.5