Weekly Vulnerabilities Reports > May 21 to 27, 2012

Overview

12 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 23 products from 4 vendors including Linux, Redhat, F5, and Atlassian. Vulnerabilities are notably categorized as "Resource Exhaustion", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "NULL Pointer Dereference", and "Improper Input Validation".

  • 4 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-24 CVE-2011-3188 Linux
Redhat
F5
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
9.1
2012-05-22 CVE-2012-2926 Atlassian Unspecified vulnerability in Atlassian products

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

9.1

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-24 CVE-2011-3191 Linux
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

8.8
2012-05-24 CVE-2011-3359 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.

7.5
2012-05-24 CVE-2011-2699 Linux
Redhat
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
7.5

7 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-24 CVE-2011-3363 Linux
Redhat
Improper Input Validation vulnerability in multiple products

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

6.5
2012-05-24 CVE-2011-2707 Linux Information Exposure vulnerability in Linux Kernel

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

6.0
2012-05-24 CVE-2011-4081 Linux NULL Pointer Dereference vulnerability in Linux Kernel

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

5.5
2012-05-24 CVE-2011-3353 Linux Classic Buffer Overflow vulnerability in Linux Kernel

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.

5.5
2012-05-24 CVE-2011-2918 Linux Resource Exhaustion vulnerability in Linux Kernel

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

5.5
2012-05-24 CVE-2011-2906 Linux Resource Exhaustion vulnerability in Linux Kernel

Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.

5.5
2012-05-24 CVE-2011-2898 Linux Information Exposure vulnerability in Linux Kernel

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.

5.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS