Weekly Vulnerabilities Reports > June 6 to 12, 2011
Overview
43 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 37 products from 25 vendors including Novell, VMware, Wireshark, Maynard Johnson, and Apache. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Resource Management Errors", and "Path Traversal".
- 35 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 38 reported vulnerabilities are exploitable by an anonymous user.
- Novell has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Novell has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-09 | CVE-2011-2475 | Sybase | USE of Externally-Controlled Format String vulnerability in Sybase Onebridge Mobile Data Suite 5.5/5.6 Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging. | 10.0 |
2011-06-08 | CVE-2010-4663 | Cmsmadesimple | Unspecified vulnerability in Cmsmadesimple CMS Made Simple Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. | 10.0 |
2011-06-09 | CVE-2011-1708 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie. | 9.3 |
2011-06-09 | CVE-2011-1707 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1706 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1705 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1704 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1703 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1702 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1701 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1700 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url. | 9.3 |
2011-06-09 | CVE-2011-1699 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url. | 9.3 |
2011-06-08 | CVE-2011-2386 | Visiwave | Code Injection vulnerability in Visiwave Site Survey 1.6.12/2.0.12/2.1 VisiWaveReport.exe in AZO Technologies, Inc. | 9.3 |
2011-06-06 | CVE-2011-2217 | Tomsawyer Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. | 9.3 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-09 | CVE-2011-1823 | Google | Integer Overflow or Wraparound vulnerability in Google Android The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. | 7.8 |
2011-06-09 | CVE-2011-2471 | Maynard Johnson | Permissions, Privileges, and Access Controls vulnerability in Maynard Johnson Oprofile utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | 7.2 |
2011-06-09 | CVE-2011-1760 | Maynard Johnson | Code Injection vulnerability in Maynard Johnson Oprofile utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument. | 7.2 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-06 | CVE-2011-1787 | Vmware | Race Condition vulnerability in VMWare products Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory. | 6.9 |
2011-06-06 | CVE-2011-1954 | Postrev | Cross-Site Request Forgery (CSRF) vulnerability in Postrev Post Revolution Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php. | 6.8 |
2011-06-08 | CVE-2011-1584 | Dotclear | Permissions, Privileges, and Access Controls vulnerability in Dotclear The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. | 6.5 |
2011-06-09 | CVE-2011-2473 | Maynard Johnson | Link Following vulnerability in Maynard Johnson Oprofile The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | 6.3 |
2011-06-09 | CVE-2011-2472 | Maynard Johnson | Path Traversal vulnerability in Maynard Johnson Oprofile Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. | 6.3 |
2011-06-06 | CVE-2011-2145 | Vmware Freebsd Oracle | Permissions, Privileges, and Access Controls vulnerability in VMWare products mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." | 6.3 |
2011-06-09 | CVE-2011-1711 | Novell | Unauthorized Access vulnerability in Novell Data Synchronizer User Account Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. | 5.5 |
2011-06-06 | CVE-2011-1950 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone 4.0/4.1 plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011. | 5.5 |
2011-06-09 | CVE-2011-2474 | Sybase | Path Traversal vulnerability in Sybase Easerver 6.3.1 Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. | 5.0 |
2011-06-09 | CVE-2011-2468 | Anymacro | Path Traversal vulnerability in Anymacro Mail System G4X Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request. | 5.0 |
2011-06-09 | CVE-2011-2395 | Cisco | Configuration vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | 5.0 |
2011-06-06 | CVE-2011-2216 | Digium | Denial of Service vulnerability in Asterisk 'Contact' Header SIP Channel Driver reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. | 5.0 |
2011-06-06 | CVE-2011-1952 | Postrev | Resource Management Errors vulnerability in Postrev Post Revolution common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence. | 5.0 |
2011-06-06 | CVE-2011-1752 | Apache | Denial of Service and Information Disclosure vulnerability in Subversion 'mod_dav_svn' The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. | 5.0 |
2011-06-09 | CVE-2011-2107 | Adobe Apple Linux Microsoft SUN | Cross-Site Scripting vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'This issue also affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems.' Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'We expect to make available an update for Adobe Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Windows, Adobe Reader X (10.0.3) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.' | 4.3 |
2011-06-06 | CVE-2011-2175 | Wireshark | Numeric Errors vulnerability in Wireshark Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. | 4.3 |
2011-06-06 | CVE-2011-2174 | Wireshark | Resource Management Errors vulnerability in Wireshark Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. | 4.3 |
2011-06-06 | CVE-2011-1959 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. | 4.3 |
2011-06-06 | CVE-2011-1956 | Wireshark | Unspecified vulnerability in Wireshark 1.4.5 The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. | 4.3 |
2011-06-06 | CVE-2011-1953 | Postrev | Cross-Site Scripting vulnerability in Postrev Post Revolution Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element. | 4.3 |
2011-06-06 | CVE-2011-1921 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. | 4.3 |
2011-06-06 | CVE-2011-1783 | Apache | Resource Management Errors vulnerability in Apache Http Server and Subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | 4.3 |
2011-06-06 | CVE-2011-0767 | Imperva | Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759. | 4.3 |
2011-06-06 | CVE-2011-0082 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox 4.0/4.0.1 The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-06 | CVE-2011-1949 | Plone | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422. | 3.5 |
2011-06-06 | CVE-2011-2146 | Vmware | Information Exposure vulnerability in VMWare products mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. | 2.1 |