Weekly Vulnerabilities Reports > March 28 to April 3, 2011
Overview
31 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 31 products from 24 vendors including Gentoo, Glyphandcog, T1Lib, Foolabs, and Debian. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-Site Request Forgery (CSRF)".
- 20 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities have public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 30 reported vulnerabilities are exploitable by an anonymous user.
- Gentoo has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Videolan has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-28 | CVE-2010-3276 | Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. | 9.3 |
2011-03-28 | CVE-2010-3275 | Videolan | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." | 9.3 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-29 | CVE-2011-1472 | Nokia | Improper Authentication vulnerability in Nokia E75 and E75 Firmware The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | 7.2 |
2011-03-28 | CVE-2011-1420 | EMC Oracle | Permissions, Privileges, and Access Controls vulnerability in multiple products EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | 7.2 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-31 | CVE-2011-0727 | Gnome | Link Following vulnerability in Gnome GDM GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | 6.9 |
2011-03-30 | CVE-2011-1551 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Factory SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon. | 6.9 |
2011-03-30 | CVE-2011-1154 | Gentoo | Improper Input Validation vulnerability in Gentoo Logrotate The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | 6.9 |
2011-03-29 | CVE-2011-1205 | IBM | Buffer Errors vulnerability in IBM products Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. | 6.9 |
2011-03-28 | CVE-2011-0458 | Unspecified vulnerability in Google Picasa 3.6 Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 6.9 | |
2011-03-31 | CVE-2011-0764 | T1Lib Foolabs Glyphandcog | Improper Input Validation vulnerability in multiple products t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. | 6.8 |
2011-03-28 | CVE-2011-0545 | Symantec | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Liveupdate Administrator 2.2.2.9 Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter. | 6.8 |
2011-03-30 | CVE-2011-1550 | Gentoo Novell | Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. | 6.3 |
2011-03-30 | CVE-2011-1549 | Gentoo | Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | 6.3 |
2011-03-30 | CVE-2011-1548 | Gentoo Debian | Permissions, Privileges, and Access Controls vulnerability in Gentoo Logrotate The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. | 6.3 |
2011-03-28 | CVE-2011-0440 | Mahara | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs. | 5.8 |
2011-03-31 | CVE-2011-1175 | Digium | Denial Of Service vulnerability in Asterisk TCP/TLS Server NULL Pointer Dereference tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. | 5.0 |
2011-03-31 | CVE-2011-1174 | Digium | Resource Management Errors vulnerability in Digium Asterisk manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data. | 5.0 |
2011-03-31 | CVE-2011-0963 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco NAC Guest Server and NAC Guest Server Software The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922. | 5.0 |
2011-03-29 | CVE-2010-1675 | Quagga | Resource Management Errors vulnerability in Quagga bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. | 5.0 |
2011-03-29 | CVE-2010-1674 | Quagga | Denial Of Service vulnerability in Quagga BGP Daemon Null Pointer Deference The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. | 5.0 |
2011-03-31 | CVE-2011-1554 | T1Lib Foolabs Glyphandcog | Numeric Errors vulnerability in multiple products Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | 4.3 |
2011-03-31 | CVE-2011-1553 | T1Lib Foolabs Glyphandcog | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. | 4.3 |
2011-03-31 | CVE-2011-1552 | T1Lib Foolabs Glyphandcog | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. | 4.3 |
2011-03-31 | CVE-2010-3695 | Horde | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. | 4.3 |
2011-03-29 | CVE-2011-1176 | MPM ITK Project Debian | The configuration merger in itk.c in the Steinar H. | 4.3 |
2011-03-29 | CVE-2011-0892 | HP | Cross-Site Scripting vulnerability in HP Diagnostics 7.5/8.0 Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2011-03-28 | CVE-2011-1524 | Symantec | Cross-Site Scripting vulnerability in Symantec Liveupdate Administrator Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545. | 4.3 |
2011-03-28 | CVE-2011-0760 | Adminofsystem Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Adminofsystem WP Related Posts 1.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter. | 4.3 |
2011-03-28 | CVE-2011-0439 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-03-29 | CVE-2011-0728 | Michael Hudson Doyle | Cross-Site Scripting vulnerability in Michael Hudson-Doyle Loggerhead Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. | 3.5 |
2011-03-30 | CVE-2011-1155 | Gentoo | Resource Management Errors vulnerability in Gentoo Logrotate The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | 1.9 |