Weekly Vulnerabilities Reports > November 14 to 20, 2011

Overview

26 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 21 products from 15 vendors including HP, Mahara, Apple, Phpmyadmin, and Xelerance. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", "Improper Input Validation", and "Resource Management Errors".

  • 24 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 21 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-16 CVE-2011-4157 HP Buffer Errors vulnerability in HP products

Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.

10.0

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-15 CVE-2011-1516 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.

7.6
2011-11-15 CVE-2008-7303 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.

7.6
2011-11-17 CVE-2011-3900 Google Out-Of-Bounds Write vulnerability in Google Chrome

Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.

7.5

21 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-17 CVE-2011-4122 Freebsd Path Traversal vulnerability in Freebsd 8.1

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a ..

6.9
2011-11-19 CVE-2011-4159 HP Unspecified vulnerability in HP Event Monitoring Service A.04.20.11.04

Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

6.8
2011-11-15 CVE-2011-2773 Mahara Cross-Site Request Forgery (CSRF) vulnerability in Mahara

Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.

6.8
2011-11-15 CVE-2011-4118 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.

6.0
2011-11-19 CVE-2011-4404 Vmware Configuration vulnerability in VMWare Vcenter Update Manager 4.0/4.1

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

5.0
2011-11-19 CVE-2011-4311 Montala Improper Input Validation vulnerability in Montala Resourcespace

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

5.0
2011-11-19 CVE-2011-3849 Broadcom Unspecified vulnerability in Broadcom Directory 8.1/R12

Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.

5.0
2011-11-17 CVE-2011-4096 Squid Cache Resource Management Errors vulnerability in Squid-Cache Squid

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

5.0
2011-11-17 CVE-2011-3646 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

5.0
2011-11-17 CVE-2011-3380 Xelerance Unspecified vulnerability in Xelerance Openswan

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

5.0
2011-11-15 CVE-2011-2772 Mahara Improper Input Validation vulnerability in Mahara

The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.

5.0
2011-11-19 CVE-2011-4465 IBM Cross-Site Scripting vulnerability in IBM Lotus Mobile Connect 6.1.4

Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.

4.3
2011-11-17 CVE-2011-4107 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

4.3
2011-11-17 CVE-2011-3627 Clamav Numeric Errors vulnerability in Clamav

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

4.3
2011-11-17 CVE-2011-2770 Robert Luberda Cross-Site Scripting vulnerability in Robert Luberda Man2Html 1.6

Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.

4.3
2011-11-16 CVE-2011-4156 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

4.3
2011-11-16 CVE-2011-4155 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.

4.3
2011-11-15 CVE-2011-2771 Mahara Cross-Site Scripting vulnerability in Mahara

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

4.3
2011-11-17 CVE-2011-4073 Xelerance Resource Management Errors vulnerability in Xelerance Openswan

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

4.0
2011-11-16 CVE-2011-4158 HP Unspecified vulnerability in HP Directories Support for Proliant Management Processors 3.10/3.20

Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

4.0
2011-11-15 CVE-2011-2774 Mahara Information Exposure vulnerability in Mahara

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-11-17 CVE-2011-4457 Owasp Java Html Sanitizer Project Information Exposure vulnerability in Owasp-Java-Html-Sanitizer Project Owasp-Java-Html-Sanitizer

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

2.6