Weekly Vulnerabilities Reports > May 28 to June 3, 2012
Overview
15 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 18 products from 13 vendors including Puppet, Puppetlabs, Vmware, Cisco, and Canonical. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "SQL Injection".
- 11 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- Puppet has the most reported vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-31 | CVE-2012-2488 | Cisco | Improper Input Validation vulnerability in Cisco products Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. | 7.8 |
2012-06-01 | CVE-2012-2944 | Networkupstools | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Networkupstools NUT Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. | 7.5 |
2012-06-01 | CVE-2012-0409 | EMC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Autostart Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. | 7.5 |
2012-05-31 | CVE-2012-2352 | Sympa | Permissions, Privileges, and Access Controls vulnerability in Sympa The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions. | 7.5 |
2012-05-29 | CVE-2012-2952 | Jaow | SQL Injection vulnerability in Jaow 2.1/2.3/2.4 SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter. | 7.5 |
2012-06-01 | CVE-2012-2752 | Vmware | Unspecified vulnerability in VMWare VMA 4.0/4.1/5.0.0.1 Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.2 |
5 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-29 | CVE-2012-1053 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. | 6.9 |
2012-05-30 | CVE-2010-5099 | Typo3 | Improper Input Validation vulnerability in Typo3 The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | 6.8 |
2012-05-29 | CVE-2011-3048 | Libpng | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libpng The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. | 6.8 |
2012-05-31 | CVE-2012-0949 | Canonical | Information Exposure vulnerability in Canonical Ubuntu Linux 11.04/11.10/12.04 The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. | 5.0 |
2012-05-29 | CVE-2012-1054 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. | 4.4 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-29 | CVE-2012-1987 | Puppet Puppetlabs | Multiple Security vulnerability in Puppet Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. | 3.5 |
2012-05-29 | CVE-2012-1906 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. | 3.3 |
2012-06-02 | CVE-2012-2947 | Debian Digium | Improper Access Control vulnerability in multiple products chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. | 2.6 |
2012-05-29 | CVE-2012-1986 | Puppet Puppetlabs | Permissions, Privileges, and Access Controls vulnerability in multiple products Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. | 2.1 |