Weekly Vulnerabilities Reports > August 19 to 25, 2013

Overview

125 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 92 products from 56 vendors including Puppet, Apache, Debian, Cisco, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "SQL Injection".

  • 103 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities have public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 108 reported vulnerabilities are exploitable by an anonymous user.
  • Puppet has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Sixnet has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-21 CVE-2013-2802 Sixnet Code Injection vulnerability in Sixnet RTU Firmware and UDR

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes.

10.0
2013-08-25 CVE-2013-5578 Staruml Buffer Errors vulnerability in Staruml 5.0.2.1570

Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.

9.3

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-25 CVE-2013-3462 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Communications Manager

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.

8.5
2013-08-23 CVE-2013-4172 Redhat Code Injection vulnerability in Redhat Cloudforms Management Engine 5.1

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.

8.5
2013-08-21 CVE-2013-0526 IBM Improper Input Validation vulnerability in IBM products

ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.

8.5
2013-08-25 CVE-2013-4247 Linux Numeric Errors vulnerability in Linux Kernel

Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.

7.8
2013-08-25 CVE-2013-3460 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.

7.8
2013-08-25 CVE-2013-3459 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.

7.8
2013-08-25 CVE-2013-3390 Cisco Resource Management Errors vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance

Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158.

7.8
2013-08-25 CVE-2013-3389 Cisco Resource Management Errors vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114.

7.8
2013-08-25 CVE-2013-3388 Cisco Resource Management Errors vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.

7.8
2013-08-25 CVE-2013-3387 Cisco Resource Management Errors vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724.

7.8
2013-08-22 CVE-2013-3453 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager and Unified Presence

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.

7.8
2013-08-22 CVE-2013-2789 Kepware Resource Management Errors vulnerability in Kepware Kepserverex Communications Platform

The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

7.8
2013-08-25 CVE-2013-4219 Intel Numeric Errors vulnerability in Intel Wimax Network Service 1.5.0/1.5.2

Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c.

7.5
2013-08-25 CVE-2012-6588 Myrephp SQL Injection vulnerability in Myrephp Myre Business Directory

SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2013-08-25 CVE-2012-6586 Myrephp SQL Injection vulnerability in Myrephp Myre Vacation Rental

Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.

7.5
2013-08-25 CVE-2012-6584 Myrephp SQL Injection vulnerability in Myrephp Myre Realty Manager

Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.

7.5
2013-08-25 CVE-2010-5289 Incredimail Buffer Errors vulnerability in Incredimail 2.0

Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.

7.5
2013-08-23 CVE-2013-1435 Cacti Code Injection vulnerability in Cacti

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

7.5
2013-08-23 CVE-2013-1434 Cacti SQL Injection vulnerability in Cacti

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-08-23 CVE-2013-5569 Heiko Sudar
Typo3
SQL Injection vulnerability in Heiko Sudar Slideshare 0.1.0

SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-08-21 CVE-2013-4701 Janrain XML External Entity Injection vulnerability in Janrain PHP-Openid 2.2.2

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.5
2013-08-21 CVE-2013-2904 Google
Debian
Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.

7.5
2013-08-21 CVE-2013-2903 Google
Debian
Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents.

7.5
2013-08-21 CVE-2013-2902 Google
Debian
Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.

7.5
2013-08-21 CVE-2013-2901 Debian
Google
Numeric Errors vulnerability in multiple products

Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-08-21 CVE-2013-2900 Debian
Google
Microsoft
Path Traversal vulnerability in multiple products

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of .

7.5
2013-08-21 CVE-2013-2887 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-08-20 CVE-2013-2210 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache XML Security FOR C++

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions.

7.5
2013-08-20 CVE-2013-2161 Openstack
Opensuse
Code Injection vulnerability in multiple products

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

7.5
2013-08-20 CVE-2013-2156 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache XML Security FOR C++

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.

7.5
2013-08-20 CVE-2013-2154 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache XML Security FOR C++

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

7.5
2013-08-20 CVE-2013-5322 JAN Bednarik
Typo3
SQL Injection vulnerability in JAN Bednarik Cooluri

SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-08-20 CVE-2013-5321 Alienvault SQL Injection vulnerability in Alienvault Open Source Security Information Management 4.1

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.

7.5
2013-08-20 CVE-2013-5318 Benjamin Arnaudetr SQL Injection vulnerability in Benjamin Arnaudetr Ginkgocms 5.0

SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.

7.5
2013-08-19 CVE-2013-3567 Puppet
Puppetlabs
Canonical
Novell
Improper Input Validation vulnerability in multiple products

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

7.5
2013-08-19 CVE-2013-5311 Vastal SQL Injection vulnerability in Vastal PHPvid 1.2.3

Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php.

7.5
2013-08-25 CVE-2013-3461 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-25 CVE-2013-4254 Linux Improper Input Validation vulnerability in Linux Kernel

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

6.9
2013-08-24 CVE-2013-1662 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

6.9
2013-08-23 CVE-2013-2196 XEN Remote Privilege Escalation vulnerability in Xen

Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.

6.9
2013-08-23 CVE-2013-2195 XEN Numeric Errors vulnerability in XEN

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.

6.9
2013-08-23 CVE-2013-2194 XEN Numeric Errors vulnerability in XEN

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.

6.9
2013-08-20 CVE-2013-4958 Puppet Improper Authentication vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.

6.9
2013-08-23 CVE-2013-3370 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

6.8
2013-08-21 CVE-2013-3029 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

6.8
2013-08-20 CVE-2013-5316 Ritecms Cross-Site Request Forgery (CSRF) vulnerability in Ritecms 1.0.0

Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.

6.8
2013-08-19 CVE-2013-4852 Winscp
Debian
Opensuse
Putty
Simon Tatham
Numeric Errors vulnerability in multiple products

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

6.8
2013-08-19 CVE-2013-4206 Putty
Simon Tatham
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

6.8
2013-08-19 CVE-2013-1872 Mesa3D
Canonical
Opensuse
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function.

6.8
2013-08-19 CVE-2013-5313 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.0

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.

6.8
2013-08-19 CVE-2013-4881 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.0

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

6.8
2013-08-19 CVE-2012-5575 Redhat
Apache
Cryptographic Issues vulnerability in multiple products

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

6.4
2013-08-23 CVE-2013-3369 Bestpractical Security Bypass vulnerability in Request Tracker

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

6.0
2013-08-23 CVE-2012-4733 Bestpractical Credentials Management vulnerability in Bestpractical RT

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

6.0
2013-08-21 CVE-2013-4230 Monster Menus Module Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Monster Menus Module Project Monster Menus

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.

6.0
2013-08-23 CVE-2013-1909 Redhat
Apache
Improper Input Validation vulnerability in multiple products

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2013-08-21 CVE-2013-4700 Yahoo Cryptographic Issues vulnerability in Yahoo Japan Shopping 1.4

The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2013-08-21 CVE-2013-4699 Yahoo Cryptographic Issues vulnerability in Yahoo Yafuoku! 4.3.0

The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2013-08-20 CVE-2013-4962 Puppet Credentials Management vulnerability in Puppet Enterprise

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

5.8
2013-08-20 CVE-2013-4955 Puppet Improper Input Validation vulnerability in Puppet Enterprise

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

5.8
2013-08-20 CVE-2013-4762 Puppet Improper Input Validation vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.

5.8
2013-08-20 CVE-2013-2155 Apache Improper Input Validation vulnerability in Apache XML Security FOR C++

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.

5.8
2013-08-20 CVE-2013-4761 Puppet
Puppetlabs
Remote Code Execution vulnerability in RETIRED: Puppet

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.

5.1
2013-08-23 CVE-2013-3373 Bestpractical Code Injection vulnerability in Bestpractical RT

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

5.0
2013-08-22 CVE-2013-2801 Osisoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Osisoft PI Interface

The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation.

5.0
2013-08-22 CVE-2013-2800 Osisoft Resource Management Errors vulnerability in Osisoft PI Interface

The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets.

5.0
2013-08-21 CVE-2013-3016 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

5.0
2013-08-21 CVE-2013-2905 Debian
Google
Permissions, Privileges, and Access Controls vulnerability in multiple products

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.

5.0
2013-08-20 CVE-2013-4967 Puppet Credentials Management vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

5.0
2013-08-20 CVE-2013-4964 Puppet Permissions, Privileges, and Access Controls vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2013-08-20 CVE-2013-4961 Puppet Information Exposure vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.

5.0
2013-08-20 CVE-2013-4130 Spice Project
Canonical
Resource Management Errors vulnerability in multiple products

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

5.0
2013-08-19 CVE-2013-2160 Apache Resource Management Errors vulnerability in Apache CXF

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

5.0
2013-08-19 CVE-2013-2175 Debian
Canonical
Redhat
Haproxy
Improper Input Validation vulnerability in multiple products

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

5.0
2013-08-25 CVE-2013-4220 Linux Local Denial of Service vulnerability in Linux Kernel

The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR).

4.9
2013-08-25 CVE-2013-4205 Linux Resource Management Errors vulnerability in Linux Kernel

Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.

4.7
2013-08-19 CVE-2013-2145 Canonical
Opensuse
Perlmonks
Improper Input Validation vulnerability in multiple products

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

4.4
2013-08-25 CVE-2012-6589 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Business Directory

Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter.

4.3
2013-08-25 CVE-2012-6587 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Vacation Rental

Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action.

4.3
2013-08-25 CVE-2012-6585 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Realty Manager

Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.

4.3
2013-08-23 CVE-2013-3374 Bestpractical Information Disclosure vulnerability in Request Tracker

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."

4.3
2013-08-23 CVE-2013-3372 Bestpractical Cross-Site Scripting vulnerability in Bestpractical RT

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3
2013-08-23 CVE-2013-3371 Bestpractical Cross-Site Scripting vulnerability in Bestpractical RT

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

4.3
2013-08-23 CVE-2013-5570 Axel Jung
Typo3
Cross-Site Scripting vulnerability in Axel Jung JS CSS Optimizer

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-08-21 CVE-2013-2967 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-08-20 CVE-2013-2172 Apache Cryptographic Issues vulnerability in Apache XML Security for Java

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

4.3
2013-08-20 CVE-2013-2157 Openstack Improper Authentication vulnerability in Openstack Keystone

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

4.3
2013-08-20 CVE-2013-2153 Apache Cryptographic Issues vulnerability in Apache XML Security for C++

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."

4.3
2013-08-20 CVE-2013-5323 Stanislas Rolland
Typo3
Cross-Site Scripting vulnerability in Stanislas Rolland Static Info Tables

Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-08-20 CVE-2013-5320 Sourcetreesolutions Cross-Site Scripting vulnerability in Sourcetreesolutions Mojoportal

Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter.

4.3
2013-08-20 CVE-2013-5319 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.

4.3
2013-08-20 CVE-2013-4653 Alcatel Lucent Cross-Site Scripting vulnerability in Alcatel-Lucent products

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

4.3
2013-08-19 CVE-2013-5029 Opensuse
Phpmyadmin
Improper Input Validation vulnerability in multiple products

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

4.3
2013-08-19 CVE-2013-4207 Putty
Simon Tatham
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.

4.3
2013-08-19 CVE-2013-4174 OWS
Drupal
Cross-Site Scripting vulnerability in OWS Scald 7.X1.0

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

4.3
2013-08-19 CVE-2013-2136 Apache Cross-Site Scripting vulnerability in Apache Cloudstack

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.

4.3
2013-08-19 CVE-2013-5314 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.

4.3
2013-08-19 CVE-2013-5312 Vastal Cross-Site Scripting vulnerability in Vastal PHPvid 1.2.3

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.

4.3
2013-08-22 CVE-2013-2979 IBM Path Traversal vulnerability in IBM products

Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.

4.0
2013-08-20 CVE-2013-4155 Openstack Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openstack products

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

4.0

23 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-20 CVE-2013-4956 Puppet
Puppetlabs
Permissions, Privileges, and Access Controls vulnerability in multiple products

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

3.6
2013-08-22 CVE-2013-2299 Advantech Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0/7.0

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-08-21 CVE-2013-4005 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5
2013-08-21 CVE-2013-4004 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-08-21 CVE-2013-0597 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-08-20 CVE-2013-5317 Ritecms Cross-Site Scripting vulnerability in Ritecms 1.0.0

Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.

3.5
2013-08-23 CVE-2013-3368 Bestpractical Link Following vulnerability in Bestpractical RT

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

3.3
2013-08-19 CVE-2013-4236 Redhat Unspecified vulnerability in Redhat Enterprise Virtualization 3.0/3.2

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response.

2.7
2013-08-19 CVE-2013-0167 Redhat Denial of Service vulnerability in Red Hat Enterprise Virtualization Hypervisor

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."

2.7
2013-08-23 CVE-2013-5587 Bestpractical Cross-Site Scripting vulnerability in Bestpractical RT

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket.

2.6
2013-08-20 CVE-2012-6582 Spambot Module Project
Drupal
Cross-Site Scripting vulnerability in Spambot Module Project Spambot

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog.

2.6
2013-08-19 CVE-2013-5315 OWS
Drupal
Cross-Site Scripting vulnerability in OWS Scald 6.X1.0/6.X1.X/7.X1.0

Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174.

2.6
2013-08-25 CVE-2013-4218 Intel Cryptographic Issues vulnerability in Intel Wimax Network Service 1.5.0/1.5.2

The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations.

2.1
2013-08-25 CVE-2013-4217 Intel Cryptographic Issues vulnerability in Intel Wimax Network Service 1.5.0/1.5.2

The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file.

2.1
2013-08-25 CVE-2013-4216 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Wimax Network Service 1.5.0/1.5.2

The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file.

2.1
2013-08-23 CVE-2011-4607 Putty Buffer Errors vulnerability in Putty 0.59/0.60/0.61

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.

2.1
2013-08-23 CVE-2012-6583 Imagemenu Project
Drupal
Cross-Site Scripting vulnerability in Imagemenu Project Imagemenu

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.

2.1
2013-08-21 CVE-2013-4229 Monster Menus Module Project
Drupal
Cross-Site Scripting vulnerability in Monster Menus Module Project Monster Menus

Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.

2.1
2013-08-20 CVE-2013-4959 Puppet Information Exposure vulnerability in Puppet Enterprise

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.

2.1
2013-08-19 CVE-2013-4208 Putty
Simon Tatham
Information Exposure vulnerability in multiple products

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

2.1
2013-08-21 CVE-2013-2976 IBM Information Exposure vulnerability in IBM Websphere Application Server

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

1.9
2013-08-19 CVE-2013-4242 Canonical
Debian
Gnupg
Opensuse
Information Exposure vulnerability in multiple products

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

1.9
2013-08-19 CVE-2013-2162 Canonical Race Condition vulnerability in Canonical Ubuntu Linux

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.

1.9