Weekly Vulnerabilities Reports > July 4 to 10, 2011

Overview

29 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 31 products from 27 vendors including IBM, Digium, Google, ISC, and 6Kbbs. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", and "Resource Management Errors".

  • 26 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 25 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application. Counts are given in the Overview above.]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

4 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2011-07-08 | CVE-2011-2344 | Google | Cryptographic Issues vulnerability in Google Android | 10.0
    Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

2011-07-07 | CVE-2011-2681 | IBM | Improper Input Validation vulnerability in IBM Rational DOORS Web Access | 10.0
    IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.

2011-07-07 | CVE-2011-2680 | IBM | Multiple Unspecified vulnerability in IBM Rational DOORS | 10.0
    Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."

2011-07-07 | CVE-2011-1336 | Estsoft | Buffer Errors vulnerability in Estsoft ALZip 8.0/8.12/8.21 | 9.3
    Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.

5 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2011-07-08 | CVE-2010-4814 | Bestsoftinc | SQL Injection vulnerability in Bestsoftinc Advance Hotel Booking System 1.0 | 7.5
    SQL injection vulnerability in index1.php in Best Soft Inc.

2011-07-08 | CVE-2010-4810 | Awcm CMS | Code Injection vulnerability in Awcm-Cms AR Web Content Manager 2.1 | 7.5
    Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.

2011-07-08 | CVE-2010-4809 | Liberologico | SQL Injection vulnerability in Liberologico DBSite 1.0 | 7.5
    SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

2011-07-08 | CVE-2010-4808 | Valarsoft | SQL Injection vulnerability in Valarsoft Webmatic | 7.5
    SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.

2011-07-07 | CVE-2011-1946 | Hongli LAI | Permissions, Privileges, and Access Controls vulnerability in Hongli LAI libgnomesu 1.0.0 | 7.2
    gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts.

17 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2011-07-07 | CVE-2011-1931 | FFmpeg, Libav, VideoLAN | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products | 6.8
    sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

2011-07-07 | CVE-2011-2678 | Cisco, Microsoft | Local Security vulnerability in Cisco VPN Client 5.0.7.0240/5.0.7.0290 | 6.8
    The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645.

2011-07-08 | CVE-2010-4812 | 6Kbbs | SQL Injection vulnerability in 6Kbbs 8.0 | 6.5
    Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.

2011-07-08 | CVE-2011-2464 | ISC | Packet Processing Remote Denial of Service vulnerability in ISC BIND 9 | 5.0
    Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.

2011-07-06 | CVE-2011-2666 | Digium | Configuration vulnerability in Digium Asterisk | 5.0
    The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.

2011-07-06 | CVE-2011-2665 | Digium | Denial-of-Service vulnerability in Asterisk | 5.0
    reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.

2011-07-06 | CVE-2011-2536 | Digium | Information Exposure vulnerability in Digium Asterisk | 5.0
    chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

2011-07-06 | CVE-2011-2535 | Digium | Improper Input Validation vulnerability in Digium Asterisk | 5.0
    chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

2011-07-06 | CVE-2011-2529 | Digium | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Digium Asterisk | 5.0
    chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.

2011-07-08 | CVE-2010-4811 | 6Kbbs | Cross-Site Scripting vulnerability in 6Kbbs 8.0 | 4.3
    Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.

2011-07-08 | CVE-2011-1001 | Google | Improper Input Validation vulnerability in Google Android SDK | 4.3
    dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of registers that have been declared for that method.

2011-07-07 | CVE-2011-2192 | Curl, Haxx, Apple, Fedoraproject, Debian, Canonical | Credentials Management vulnerability in multiple products | 4.3
    The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

2011-07-07 | CVE-2011-1498 | Apache | Information Exposure vulnerability in Apache HttpClient 4.0/4.0.1/4.1 | 4.3
    Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

2011-07-07 | CVE-2011-1224 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ | 4.3
    IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.

2011-07-07 | CVE-2011-2679 | IBM | Cross-Site Scripting vulnerability in IBM Rational DOORS Web Access | 4.3
    Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2011-07-07 | CVE-2011-2597 | Wireshark | Resource Management Errors vulnerability in Wireshark | 4.3
    The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.

2011-07-07 | CVE-2011-2682 | IBM | Resource Management Errors vulnerability in IBM Rational DOORS Web Access | 4.0
    The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to log in to DOORS Web Access with a new user account that has never been used for a DOORS login.

3 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2011-07-08 | CVE-2011-2664 | Checkpoint | Local Security vulnerability in Check Point Provider-1 | 3.6
    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.

2011-07-08 | CVE-2010-4813 | Category Tokens Project, Drupal | Cross-Site Scripting vulnerability in Category Tokens Project Category Tokens 6.x-1.0 | 3.5
    Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

2011-07-08 | CVE-2011-2465 | ISC | Remote Denial of Service vulnerability in ISC BIND 9 RPZ Configurations | 2.6
    Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.