Weekly Vulnerabilities Reports > January 24 to 30, 2011

Overview

64 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 46 products from 38 vendors including Linux PAM, SUN, Mozilla, Novell, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Cross-Site Request Forgery (CSRF)", and "Resource Management Errors".

  • 45 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 61 reported vulnerabilities are exploitable by an anonymous user.
  • Linux PAM has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • SUN has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-28 CVE-2010-4326 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.

10.0
2011-01-28 CVE-2010-4325 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.

10.0
2011-01-28 CVE-2010-4643 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.

9.3
2011-01-28 CVE-2010-4253 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.

9.3
2011-01-28 CVE-2010-3454 SUN
Canonical
Numeric Errors vulnerability in multiple products

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.

9.3
2011-01-28 CVE-2010-3453 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

9.3
2011-01-28 CVE-2010-3452 SUN Resource Management Errors vulnerability in SUN Openoffice.Org

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

9.3
2011-01-28 CVE-2010-3451 SUN
Canonical
Remote Code Execution vulnerability in OpenOffice

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

9.3
2011-01-28 CVE-2010-3450 SUN
Canonical
Path Traversal vulnerability in multiple products

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a ..

9.3
2011-01-25 CVE-2011-0021 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

9.3
2011-01-25 CVE-2011-0273 HP Buffer Errors vulnerability in HP Openview Storage Data Protector Cell Manager 6.11

Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.

9.3
2011-01-28 CVE-2010-2777 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise 7.0/8.0

Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.

9.0
2011-01-28 CVE-2011-0018 Openvas Improper Input Validation vulnerability in Openvas Manager

The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).

9.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-28 CVE-2011-0350 Cisco Denial of Service vulnerability in Cisco Content Services Gateway Malformed TCP Packet (CVE-2011-0350)

Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349.

7.8
2011-01-28 CVE-2011-0349 Cisco Denial of Service vulnerability in Cisco Content Services Gateway Malformed TCP Packet (CVE-2011-0349)

Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350.

7.8
2011-01-24 CVE-2011-0352 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.

7.8
2011-01-28 CVE-2010-4709 Automatedsolutions Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Automatedsolutions Modbus/Tcp Master OPC Server

Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.

7.6
2011-01-24 CVE-2011-0020 Gnome
Pango
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

7.6
2011-01-28 CVE-2011-0651 Icon Labs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Icon-Labs Iconfidant SSL Server

Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value.

7.5
2011-01-28 CVE-2011-0520 Maradns Buffer Errors vulnerability in Maradns 1.4.03/1.4.05

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

7.5
2011-01-28 CVE-2010-4568 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

7.5
2011-01-25 CVE-2011-0646 Anserv SQL Injection vulnerability in Anserv PHP LOW Bids

SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2011-01-25 CVE-2011-0645 Phpcms SQL Injection vulnerability in PHPcms 2008 2

SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.

7.5
2011-01-25 CVE-2011-0644 Phpcms SQL Injection vulnerability in PHPcms 2008 2

SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.

7.5
2011-01-24 CVE-2010-4708 Linux PAM Unspecified vulnerability in Linux-Pam

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

7.2
2011-01-28 CVE-2011-0275 HP Denial of Service vulnerability in HP OpenView Storage Data Protector 6.0/6.10/6.11

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors.

7.1

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-28 CVE-2010-3689 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Openoffice.Org

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2011-01-28 CVE-2011-0343 Oneidentity
Freebsd
HP
Permissions, Privileges, and Access Controls vulnerability in Oneidentity Syslog-Ng

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

6.9
2011-01-25 CVE-2011-0640 Kernel
Linux
Configuration vulnerability in multiple products

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

6.9
2011-01-25 CVE-2011-0639 Apple Configuration vulnerability in Apple mac OS X

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

6.9
2011-01-25 CVE-2011-0638 Microsoft Configuration vulnerability in Microsoft Windows

Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

6.9
2011-01-24 CVE-2010-3927 Lunascape DLL Loading Arbitrary Code Execution vulnerability in Lunascape

Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9
2011-01-24 CVE-2010-3853 Linux PAM Unspecified vulnerability in Linux-Pam

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.

6.9
2011-01-28 CVE-2011-0678 Lomtec Unspecified vulnerability in Lomtec Activeweb 3.0

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.

6.8
2011-01-28 CVE-2011-0650 Greenbone Cross-Site Request Forgery (CSRF) vulnerability in Greenbone Security Assistant 2.0

Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager.

6.8
2011-01-28 CVE-2011-0046 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

6.8
2011-01-25 CVE-2011-0643 Phplinkdirectory Cross-Site Request Forgery (CSRF) vulnerability in PHPlinkdirectory PHP Link Directory 4.1.0

Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.

6.8
2011-01-28 CVE-2011-0348 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.

6.4
2011-01-25 CVE-2010-4255 Citrix Unspecified vulnerability in Citrix XEN

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

6.1
2011-01-25 CVE-2010-4353 Menalto Unspecified vulnerability in Menalto Gallery

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.0
2011-01-28 CVE-2011-0679 IBM Information Exposure vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."

5.0
2011-01-24 CVE-2011-0410 Collabnet Cryptographic Issues vulnerability in Collabnet Scrumworks 1.8.4

CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database.

5.0
2011-01-25 CVE-2011-0637 IBM Denial of Service vulnerability in IBM AIX 6.1

The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.

4.9
2011-01-24 CVE-2010-4707 Linux PAM Resource Management Errors vulnerability in Linux-Pam

The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.

4.9
2011-01-24 CVE-2010-4706 Linux PAM Denial of Service and Security Bypass vulnerability in Linux-PAM 'pam_xauth' Module

The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.

4.9
2011-01-24 CVE-2010-3435 Linux PAM Unspecified vulnerability in Linux-Pam

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

4.7
2011-01-24 CVE-2010-3430 Linux PAM Unspecified vulnerability in Linux-Pam 1.1.2

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

4.7
2011-01-28 CVE-2010-2779 Novell Cross-Site Scripting vulnerability in Novell Groupwise 8.0

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."

4.3
2011-01-28 CVE-2010-2778 Novell Cross-Site Scripting vulnerability in Novell Groupwise 7.0/8.0

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."

4.3
2011-01-28 CVE-2010-4710 Yahoo Cross-Site Scripting vulnerability in Yahoo YUI

Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.

4.3
2011-01-28 CVE-2011-0048 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.

4.3
2011-01-28 CVE-2010-4572 Mozilla Code Injection vulnerability in Mozilla Bugzilla

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411.

4.3
2011-01-28 CVE-2010-4570 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.

4.3
2011-01-28 CVE-2010-4569 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.

4.3
2011-01-28 CVE-2010-4567 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.

4.3
2011-01-25 CVE-2011-0642 Network 13 Cross-Site Request Forgery (CSRF) vulnerability in Network-13 N-13 News 3.4/3.7/4.0

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action.

4.3
2011-01-25 CVE-2011-0641 Heart5
Wordpress
Cross-Site Scripting vulnerability in Heart5 Statpresscn 1.9.0

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters.

4.3
2011-01-25 CVE-2011-0009 Bestpractical Cryptographic Issues vulnerability in Bestpractical RT

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

4.3
2011-01-24 CVE-2011-0274 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-24 CVE-2010-3316 Linux PAM Unspecified vulnerability in Linux-Pam

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.

3.3
2011-01-28 CVE-2011-0652 Looknstop Improper Input Validation vulnerability in Looknstop Look 'N' Stop Firewall 2.06/2.07

lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure.

2.1
2011-01-25 CVE-2010-4256 Linux Improper Input Validation vulnerability in Linux Kernel

The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call.

2.1
2011-01-25 CVE-2010-4341 Fedorahosted
Fedoraproject
Resource Management Errors vulnerability in multiple products

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

2.1
2011-01-24 CVE-2010-3431 Linux PAM Unspecified vulnerability in Linux-Pam 1.1.2

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.

1.9