Weekly Vulnerabilities Reports > February 4 to 10, 2013

Overview

49 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 33 vendors, including Redhat, HP, Google, Opera, and EMC. Vulnerabilities are notably categorized as "Cryptographic Issues", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Improper Input Validation".

  • 45 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 46 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

[Summary chart: Total vulnerabilities; Critical, High, Medium and Low risk vulnerabilities; Remotely exploitable; Locally exploitable; Exploit available; Exploitable anonymously; Affecting web application.]

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-06 CVE-2012-3285 HP Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.

10.0
2013-02-06 CVE-2012-3284 HP Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.

10.0
2013-02-06 CVE-2012-3283 HP Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.

10.0
2013-02-06 CVE-2012-3282 HP Unspecified vulnerability in HP Lefthand P4000 Virtual SAN Appliance and San/Iq

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.

10.0
2013-02-08 CVE-2013-1638 Opera Code Injection vulnerability in Opera Browser

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

9.3
2013-02-08 CVE-2013-1637 Opera Code Injection vulnerability in Opera Browser

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

9.3
2013-02-08 CVE-2013-0634 Adobe, Apple, Microsoft, Linux, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

9.3
2013-02-08 CVE-2013-0633 Adobe, Apple, Microsoft, Linux, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

9.3
2013-02-08 CVE-2012-4700 Ecava Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ecava Integraxor

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.

9.3

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-06 CVE-2012-3281 HP Denial of Service vulnerability in HP XP P9000 Command View Advanced Edition 7.1.0/7.2/7.2.03

Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors.

7.8
2013-02-08 CVE-2013-1465 Cubecart Improper Input Validation vulnerability in Cubecart

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.

7.5
2013-02-06 CVE-2012-2292 EMC Permissions, Privileges, and Access Controls vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5
2013-02-05 CVE-2011-1350 Google Information Exposure vulnerability in Google Android

The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.

7.1

32 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-05 CVE-2011-1352 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

6.9
2013-02-08 CVE-2013-0170 Redhat, Opensuse, Suse, Fedoraproject, Canonical Use After Free vulnerability in multiple products

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

6.8
2013-02-08 CVE-2013-1639 Opera Cross-Site Request Forgery (CSRF) vulnerability in Opera Browser

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

6.8
2013-02-06 CVE-2013-1120 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Express and Unity Express Software

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.

6.8
2013-02-06 CVE-2012-2294 EMC Improper Input Validation vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.

6.8
2013-02-05 CVE-2012-0874 Redhat Improper Authentication vulnerability in Redhat products

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors.

6.8
2013-02-06 CVE-2012-2293 EMC Path Traversal vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.

6.5
2013-02-05 CVE-2012-3370 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

5.8
2013-02-08 CVE-2013-0263 Rack Project Unspecified vulnerability in Rack Project Rack

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

5.1
2013-02-08 CVE-2013-0242 GNU Buffer Errors vulnerability in GNU Glibc 2.17

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

5.0
2013-02-08 CVE-2013-0189 Squid Cache, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request.

5.0
2013-02-08 CVE-2013-0166 Openssl, Redhat Cryptographic Issues vulnerability in multiple products

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

5.0
2013-02-08 CVE-2012-2686 Openssl Cryptographic Issues vulnerability in Openssl

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

5.0
2013-02-05 CVE-2012-5478 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.

4.9
2013-02-08 CVE-2013-0262 Rack Project Path Traversal vulnerability in Rack Project Rack

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

4.3
2013-02-08 CVE-2013-1623 Yassl Cryptographic Issues vulnerability in Yassl Cyassl

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.3
2013-02-08 CVE-2013-1621 Polarssl Improper Input Validation vulnerability in Polarssl

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

4.3
2013-02-08 CVE-2013-1620 Mozilla Cryptographic Issues vulnerability in Mozilla Network Security Services

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.3
2013-02-07 CVE-2013-1464 Doryphores, Wordpress Cross-Site Scripting vulnerability in Doryphores Audio Player

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.

4.3
2013-02-07 CVE-2013-1463 Tobias Bathge, Wordpress Cross-Site Scripting vulnerability in Tobias Bathge Wp-Table Reloaded

Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2013-02-06 CVE-2012-5187 Weathernews Permissions, Privileges, and Access Controls vulnerability in Weathernews Touch

The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.

4.3
2013-02-06 CVE-2012-5186 Fleugel Cross-Site Scripting vulnerability in Fleugel Myu-S and PHP Weblog System Mania

Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-02-06 CVE-2012-3279 HP Cross-Site Scripting vulnerability in HP Network Node Manager I

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-02-06 CVE-2012-1064 EMC Cross-Site Scripting vulnerability in EMC RSA Archer Egrc and RSA Archer Smartsuite

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-02-05 CVE-2013-0176 Libssh Resource Management Errors vulnerability in Libssh

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

4.3
2013-02-05 CVE-2011-4575 Redhat Improper Input Validation vulnerability in Redhat products

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-02-04 CVE-2013-1471 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortimail 3.0/4.0

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.

4.3
2013-02-08 CVE-2013-1624 Bouncycastle Cryptographic Issues vulnerability in Bouncycastle products

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.0
2013-02-08 CVE-2013-1619 GNU Cryptographic Issues vulnerability in GNU Gnutls

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.0
2013-02-08 CVE-2013-1618 Opera Cryptographic Issues vulnerability in Opera Browser

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

4.0
2013-02-06 CVE-2013-1107 Cisco Information Exposure vulnerability in Cisco Webex Social

The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.

4.0
2013-02-05 CVE-2012-3369 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-06 CVE-2013-0254 QT Permissions, Privileges, and Access Controls vulnerability in QT

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

3.6
2013-02-08 CVE-2013-0169 Openssl, Oracle, Polarssl Cryptographic Issues vulnerability in multiple products

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

2.6
2013-02-05 CVE-2013-0218 Redhat Information Exposure vulnerability in Redhat products

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.

2.1
2013-02-05 CVE-2012-0034 Redhat Credentials Management vulnerability in Redhat products

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

2.1