Weekly Vulnerabilities Reports > February 25 to March 3, 2013

Overview

24 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 28 products from 12 vendors including Cisco, Linux, Apple, IBM, and Adobe. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Resource Management Errors", and "Improper Input Validation".

  • 17 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 21 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-27 CVE-2013-0504 Adobe
Apple
Microsoft
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.

10.0
2013-03-01 CVE-2013-0707 Justsystems Arbitrary Code Execution vulnerability in Multiple JustSystems Products

Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file.

9.3
2013-02-27 CVE-2013-0648 Adobe
Apple
Microsoft
Linux
Remote Code Execution vulnerability in Adobe Flash Player

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

9.3
2013-02-27 CVE-2013-0643 Adobe
Apple
Microsoft
Linux
Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

9.3

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-27 CVE-2013-1137 Cisco Buffer Errors vulnerability in Cisco Unified Presence Server 8.6/9.0/9.1

Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.

7.8
2013-02-27 CVE-2013-1133 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.

7.8
2013-02-27 CVE-2013-0490 IBM Local Privilege Escalation vulnerability in IBM Infosphere Guardium 8.00

Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors.

7.2
2013-02-27 CVE-2013-1135 Cisco Improper Input Validation vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance 8.6/9.0

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155.

7.1
2013-02-27 CVE-2013-1134 Cisco Improper Authentication vulnerability in Cisco Unified Communications Manager 9.0(1)

The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.

7.1

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-27 CVE-2012-5767 IBM Security Bypass vulnerability in IBM Ts3500 Tape Library and Ts3500 Tape Library Firmware

Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.

6.5
2013-02-28 CVE-2013-1141 Cisco Buffer Errors vulnerability in Cisco products

The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.

6.1
2013-02-28 CVE-2013-1124 Cisco
Apple
Cryptographic Issues vulnerability in Cisco Network Admission Control

The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309.

5.8
2013-02-27 CVE-2012-4842 IBM Resource Management Errors vulnerability in IBM Lotus Domino

Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2013-03-01 CVE-2011-2479 Linux Resource Management Errors vulnerability in Linux Kernel

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.

5.5
2013-03-01 CVE-2013-0709 Bayashi Cross-Site Scripting vulnerability in Bayashi Dopvstar* 0091

Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.

4.3
2013-03-01 CVE-2013-0708 Bayashi Cross-Site Scripting vulnerability in Bayashi Dopvcomet* 0009

Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.

4.3
2013-03-01 CVE-2013-0256 Ruby Lang
Canonical
Cross-site Scripting vulnerability in multiple products

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

4.3
2013-03-01 CVE-2012-5604 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms 1.1

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.

4.3
2013-02-27 CVE-2012-4844 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino

Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-02-28 CVE-2013-1772 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call.

4.0
2013-02-27 CVE-2013-1139 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-28 CVE-2013-0343 Linux IPv6 Temporary Addresses Remote Security vulnerability in Linux Kernel

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.

3.2
2013-03-01 CVE-2012-6116 Katello Permissions, Privileges, and Access Controls vulnerability in Katello and Katello-Configure

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

2.1
2013-03-01 CVE-2012-5561 Katello Information Exposure vulnerability in Katello 1.1

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

2.1