Weekly Vulnerabilities Reports > May 23 to 29, 2011

Overview

23 new vulnerabilities were reported during this period, including 1 critical vulnerability and 4 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 21 products from 18 vendors, including IBM, Google, Dovecot, Redhat, and Linux. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", "Resource Exhaustion", and "Path Traversal".

  • 19 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 16 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-24 CVE-2011-2171 Google Unspecified vulnerability in Google Chrome OS

Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.

10.0

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-26 CVE-2010-4805 Linux, Redhat Resource Exhaustion vulnerability in multiple products

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field.

7.5
2011-05-26 CVE-2010-4251 Linux, Vmware, Redhat Resource Exhaustion vulnerability in multiple products

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.

7.5
2011-05-24 CVE-2011-1328 Radvision SQL Injection vulnerability in Radvision Iview Suite 5.5/5.7/7.0

SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-05-24 CVE-2011-2169 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome OS

Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.

7.2

15 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-23 CVE-2011-2165 Watchguard Permissions, Privileges, and Access Controls vulnerability in Watchguard XCS 9.0/9.1

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

6.8
2011-05-24 CVE-2011-2167 Dovecot Path Traversal vulnerability in Dovecot

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

6.5
2011-05-24 CVE-2011-2166 Dovecot Configuration vulnerability in Dovecot

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.

6.5
2011-05-24 CVE-2011-1521 Python Resource Management Errors vulnerability in Python

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

6.4
2011-05-23 CVE-2011-1766 Mediawiki Improper Authentication vulnerability in Mediawiki

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

5.8
2011-05-23 CVE-2011-1575 Pureftpd Resource Management Errors vulnerability in Pureftpd Pure-Ftpd

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

5.8
2011-05-26 CVE-2010-2246 FEH Project Improper Input Validation vulnerability in FEH Project FEH

feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.

5.1
2011-05-23 CVE-2011-1926 CMU Permissions, Privileges, and Access Controls vulnerability in CMU Cyrus Imap Server

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

5.1
2011-05-24 CVE-2011-1929 Dovecot Improper Input Validation vulnerability in Dovecot

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.

5.0
2011-05-24 CVE-2011-2170 Google Improper Input Validation vulnerability in Google Chrome OS

Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.

4.4
2011-05-26 CVE-2011-2172 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 7.0.0.1

Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-24 CVE-2011-1595 Rdesktop Path Traversal vulnerability in Rdesktop

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a ..

4.3
2011-05-26 CVE-2011-2173 IBM Resource Management Errors vulnerability in IBM Websphere Portal 6.0.1.7/7.0.0.1

The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests.

4.0
2011-05-26 CVE-2010-4806 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Web Content Manager 6.1.5/7.0.01

The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.

4.0
2011-05-24 CVE-2011-0418 Pureftpd, Netbsd Improper Input Validation vulnerability in multiple products

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-26 CVE-2010-4807 IBM Race Condition vulnerability in IBM Web Content Manager 7.0.0.1

Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.

3.5
2011-05-24 CVE-2011-1424 EMC, Microsoft, IBM Configuration vulnerability in EMC Sourceone Email Management 6.5.2.3668

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

3.5
2011-05-23 CVE-2011-1920 Netbsd, Ihji Link Following vulnerability in multiple products

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

3.3