Weekly Vulnerabilities Reports > September 5 to 11, 2011
Overview
14 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 22 products from 12 vendors including IBM, Openttd, Linux, Mozilla, and Redhat. The most common categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Numeric Errors".
- 10 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 12 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-06 | CVE-2011-2654 | Novell | Improper Input Validation vulnerability in Novell Cloud Manager 1.1.2 The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. | 9.3 |
2011-09-06 | CVE-2011-0258 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file. | 9.3 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-06 | CVE-2011-1771 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. | 7.8 |
2011-09-08 | CVE-2011-3342 | Openttd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame. | 7.5 |
2011-09-08 | CVE-2011-3341 | Openttd | Numeric Errors vulnerability in Openttd Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. | 7.5 |
2011-09-06 | CVE-2011-2660 | Suse | Improper Input Validation vulnerability in Suse Linux Enterprise Desktop and Vpnc The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. | 7.5 |
7 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-06 | CVE-2011-1776 | Linux Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. | 6.1 |
2011-09-06 | CVE-2011-1359 | IBM | Path Traversal vulnerability in IBM Websphere Application Server Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-08 | CVE-2011-3343 | Openttd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. | 4.6 |
2011-09-08 | CVE-2011-3384 | Sage Mozdev Mozilla | Cross-Site Scripting vulnerability in Sage-Mozdev Sage 1.3.8 Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102. | 4.3 |
2011-09-06 | CVE-2011-3388 | Opera | Information Exposure vulnerability in Opera Browser Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site. | 4.3 |
2011-09-06 | CVE-2011-3390 | IBM | Cross-Site Scripting vulnerability in IBM Openadmin Tool Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action. | 4.3 |
2011-09-08 | CVE-2011-3391 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Rational Build Forge 7.1.2 IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-06 | CVE-2011-3204 | Geoff Wong | Link Following vulnerability in Geoff Wong Hammerhead 2.1.4 hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | 3.3 |