Weekly Vulnerabilities Reports > March 21 to 27, 2011

Overview

54 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 43 products from 25 vendors including Apple, IBM, Google, Debian, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Numeric Errors", "SQL Injection", and "Resource Management Errors".

  • 47 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 46 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

5 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-03-25 | CVE-2011-1519 | IBM | Improper Authentication vulnerability in IBM Lotus Domino | 10.0

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field.

2011-03-23 | CVE-2010-4773 | Hitachi, Microsoft, Linux, IBM | Remote Security vulnerability in Hitachi products | 10.0

Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.

2011-03-22 | CVE-2011-1505 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 10.0

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2.

2011-03-22 | CVE-2011-0331 | Honeywell | Resource Management Errors vulnerability in Honeywell ScanServer ActiveX Control 780.0.20.5 | 9.3

Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.

2011-03-22 | CVE-2010-4228 | Novell | Buffer Errors vulnerability in Novell NetWare 5.1/6.0/6.5 | 9.0

Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.

14 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-03-25 | CVE-2011-1296 | Google, Apple | Improper Input Validation vulnerability in Google Chrome | 7.5

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

2011-03-25 | CVE-2011-1295 | Apple, Google | Improper Input Validation vulnerability in Google Chrome | 7.5

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.

2011-03-25 | CVE-2011-1294 | Google | Improper Input Validation vulnerability in Google Chrome | 7.5

Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

2011-03-25 | CVE-2011-1293 | Google, Debian, Apple | Use After Free vulnerability in Google Chrome | 7.5

Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

2011-03-25 | CVE-2011-1292 | Google, Debian | Use After Free vulnerability in Google Chrome | 7.5

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

2011-03-25 | CVE-2011-1291 | Google | Classic Buffer Overflow vulnerability in Google Chrome | 7.5

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."

2011-03-23 | CVE-2010-4776 | PreProjects | SQL Injection vulnerability in PreProjects Pre Online Tests Generator | 7.5

SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.

2011-03-23 | CVE-2010-4774 | AuraCMS | SQL Injection vulnerability in AuraCMS 1.62 | 7.5

SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.

2011-03-23 | CVE-2010-4771 | Matteoiammarrone | SQL Injection vulnerability in Matteoiammarrone S-CMS 2.5 | 7.5

SQL injection vulnerability in viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

2011-03-23 | CVE-2010-4770 | CommodityRentals | SQL Injection vulnerability in CommodityRentals DVD Rentals Script | 7.5

SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.

2011-03-23 | CVE-2010-4769 | Janguo, Joomla | Path Traversal vulnerability in Janguo com_jimtawl 1.0.2 | 7.5

Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..

2011-03-25 | CVE-2011-1520 | IBM | Improper Authentication vulnerability in IBM Lotus Domino | 7.2

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

2011-03-23 | CVE-2011-0182 | Apple | Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server | 7.2

The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

2011-03-22 | CVE-2011-1006 | Balbir Singh | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Balbir Singh libcgroup | 7.2

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application.

25 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-03-25 | CVE-2011-1400 | Debian, Canonical | Configuration vulnerability in multiple products | 6.8

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

2011-03-23 | CVE-2011-0194 | Apple | Numeric Errors vulnerability in Apple ImageIO, Mac OS X and Mac OS X Server | 6.8

Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

2011-03-23 | CVE-2011-0193 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

2011-03-23 | CVE-2011-0188 | Ruby-Lang, Apple | Numeric Errors vulnerability in Ruby-Lang Ruby | 6.8

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Per http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html, 'This issue only affects 64-bit Ruby processes'.

2011-03-23 | CVE-2011-0186 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X, Mac OS X Server and QuickTime | 6.8

QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.

2011-03-23 | CVE-2011-0184 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.

2011-03-23 | CVE-2011-0181 | Apple | Numeric Errors vulnerability in Apple ImageIO, Mac OS X and Mac OS X Server | 6.8

Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

2011-03-23 | CVE-2011-0179 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

2011-03-23 | CVE-2011-0177 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.

2011-03-23 | CVE-2011-0176 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.

2011-03-23 | CVE-2011-0175 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

2011-03-23 | CVE-2011-0174 | Apple | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | 6.8

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.

2011-03-23 | CVE-2011-0173 | Apple | Use of Externally-Controlled Format String vulnerability in Apple AppleScript, Mac OS X and Mac OS X Server | 6.8

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

2011-03-22 | CVE-2011-1506 | Kerio | Improper Input Validation vulnerability in Kerio Connect and Kerio MailServer | 6.8

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

2011-03-22 | CVE-2011-0759 | Blaenkdenum, WordPress | Cross-Site Request Forgery (CSRF) vulnerability in Blaenkdenum WP-reCAPTCHA 2.9.8.2 | 6.8

Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter.

2011-03-25 | CVE-2011-0890 | HP, Microsoft | Information Exposure vulnerability in HP Discovery & Dependency Mapping Inventory | 5.0

HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.

2011-03-23 | CVE-2010-4775 | Nicholas Thompson, Drupal | Improper Input Validation vulnerability in Nicholas Thompson Relevant Content | 5.0

The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships.

2011-03-23 | CVE-2011-0189 | Apple | Configuration vulnerability in Apple Mac OS X, Mac OS X Server and Terminal | 5.0

The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.

2011-03-23 | CVE-2011-0183 | Apple | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server | 5.0

Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

2011-03-22 | CVE-2008-7285 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 5.0

Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25.

2011-03-23 | CVE-2011-0172 | Apple | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server | 4.9

AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.

2011-03-23 | CVE-2010-4772 | Matteoiammarrone | Cross-Site Scripting vulnerability in Matteoiammarrone S-CMS 2.5 | 4.3

Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.

2011-03-23 | CVE-2011-0190 | Apple | Improper Input Validation vulnerability in Apple Installer, Mac OS X and Mac OS X Server | 4.3

Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.

2011-03-23 | CVE-2011-0187 | Apple | Information Exposure vulnerability in Apple Mac OS X, Mac OS X Server and QuickTime | 4.3

The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.

2011-03-22 | CVE-2011-1414 | TIBCO | Cross-Site Scripting vulnerability in TIBCO tibbr and tibbr Service | 4.3

Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2011-03-22 | CVE-2009-5062 | IBM | Resource Management Errors vulnerability in IBM Lotus Quickr 8.1 | 3.5

IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.

2011-03-22 | CVE-2009-5060 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 3.5

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.

2011-03-22 | CVE-2009-5059 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 3.5

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J.

2011-03-22 | CVE-2009-5058 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 3.5

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR.

2011-03-22 | CVE-2008-7286 | IBM | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 | 3.5

IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.

2011-03-22 | CVE-2008-7284 | IBM | Resource Management Errors vulnerability in IBM Lotus Quickr 8.1 | 3.5

IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.

2011-03-23 | CVE-2011-0180 | Apple | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server | 2.1

Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

2011-03-23 | CVE-2011-0178 | Apple | Information Exposure vulnerability in Apple CarbonCore, Mac OS X and Mac OS X Server | 2.1

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

2011-03-22 | CVE-2011-1022 | Balbir Singh | Permissions, Privileges, and Access Controls vulnerability in Balbir Singh libcgroup | 2.1

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

2011-03-22 | CVE-2009-5061 | IBM | Unspecified vulnerability in IBM Lotus Quickr 8.1 | 2.1

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N.