@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) HIGH: Google Chrome Multiple Security Vulnerabilities
• (2) HIGH: Apple iOS Multiple Security Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Other Microsoft Products

• 11.17.1 - Microsoft Internet Explorer Unspecified Remote Code Execution
• 11.17.2 - Microsoft Windows Media Player ".ogg" File Remote Denial of Service

Third Party Windows Apps

• 11.17.3 - Winamp ".wlz" File Remote Buffer Overflow
• 11.17.4 - Real Networks RealPlayer "OpenURLInDefaultBrowser()" Function Remote Code Execution
• 11.17.5 - Computer Associates Total Defense Remote Code Execution and SQL Injection

Linux

• 11.17.6 - Linux Kernel CIFS Local Security Bypass

Novell

• 11.17.7 - SUSE Pure-FTPd Local Insecure File Permissions

Cross Platform

• 11.17.8 - TOTVS ERP Microsiga Protheus Denial of Service
• 11.17.9 - SAP GUI "saplogon.ini" File Buffer Overflow
• 11.17.10 - "glibc" Library Local Privilege Escalation
• 11.17.11 - Google Chrome Multiple Memory Corruption and Heap Overflow
• 11.17.12 - Wireshark Multiple Denial of Service and Buffer Overflow
• 11.17.13 - Mojolicious Directory Traversal
• 11.17.14 - Skype Insecure File Permissions Information Disclosure
• 11.17.15 - Cisco IOS PKI Functionality Security Bypass
• 11.17.16 - EMC NetWorker Unspecified File Remote Code Execution

Web Application - Cross Site Scripting

• 11.17.17 - BlackBerry Enterprise Server Web Desktop Manager Component Cross-Site Scripting
• 11.17.18 - SAP Netweaver Multiple Unspecified Cross-Site Scripting and Information Disclosure Vulnerabilities
• 11.17.19 - Atlassian Confluence Multiple Cross-Site Scripting
• 11.17.20 - EMC Adaptive Authentication Flash Shockwave File Cross Domain Scripting
• 11.17.21 - HP Network Node Manager i Unspecified Cross Site Scripting and Unauthorized Access

Web Application - SQL Injection

• 11.17.22 - TinyBB "viewthread.php" SQL Injection Vulnerability

Web Application

• 11.17.23 - Orbeon Forms XML Injection
• 11.17.24 - RT Multiple Remote Vulnerabilities
• 11.17.25 - MyBB Information Disclosure and SQL Injection

Hardware

• 11.17.26 - Technicolor THOMSON TG585v7 Wireless Router "url" Parameter Cross-Site Scripting

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

*****************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 15, 2011

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 11166 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 11.17.1 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Internet Explorer Unspecified Remote Code Execution
• Description: Internet Explorer is a browser for the Microsoft Windows operating system. Microsoft Internet Explorer is exposed to an unspecified remote code execution issue. Internet Explorer 9 is vulnerable; other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/47345/info

• 11.17.2 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Windows Media Player ".ogg" File Remote Denial of Service
• Description: Microsoft Windows Media Player is a multimedia application available for the Windows operating system. The application is exposed to a remote denial of service issue. Windows Media Player 11 is affected; other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/47413/info

• 11.17.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Winamp ".wlz" File Remote Buffer Overflow
• Description: Winamp is a multimedia player available for Microsoft Windows. The software is exposed to a buffer overflow issue because if fails to bound check user-supplied data before copying it into an insufficiently sized buffer. Specifically, the application fails to handle specially crafted ".wlz" files.Winamp 5.6.1 is affected.
• Ref: http://www.securityfocus.com/bid/47334/info

• 11.17.4 - CVE: CVE-2011-1426
• Platform: Third Party Windows Apps
• Title: Real Networks RealPlayer "OpenURLInDefaultBrowser()" Function Remote Code Execution
• Description: Real Networks RealPlayer is a media player available for multiple platforms. The application is exposed to a remote code execution issue because of an error in the internal browser component. RealPlayer versions prior to 14.0.3 for Windows are affected.
• Ref: http://service.real.com/realplayer/security/04122011_player/en/

• 11.17.5 - CVE: CVE-2011-1655, CVE-2011-1653, CVE-2011-1654
• Platform: Third Party Windows Apps
• Title: Computer Associates Total Defense Remote Code Execution and SQL Injection
• Description: Computer Associates Total Defense is a suite of security applications. The application is exposed to the following issues: a remote code execution issue exists in the "CA.Itm.Server.ManagementWS.dll" component, a remote code execution issue exists in the "management.asmx" module of the UNCWS web service, and multiple SQL injection issues. Total Defense version r12 is affected; other versions may also be affected.
• Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AF
  E2-4D9D-8E0B-BE7F6E345866}

• 11.17.6 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel CIFS Local Security Bypass
• Description: The Linux kernel is the core of the Linux operating system. It is exposed to a local security bypass issue. The issue occurs when a user mounts a CIFS share with authentication and another user is able to mount the same share without needing the correct password. Kernel versions 2.6.x up to 2.6.37 is affected.
• Ref: http://www.securityfocus.com/bid/47381

• 11.17.7 - CVE: CVE-2011-0988
• Platform: Novell
• Title: SUSE Pure-FTPd Local Insecure File Permissions
• Description: Pure-FTPd is an FTP server application. The software is exposed to a local insecure file permissions issue when running OES Netware extensions. Pure-ftpd 1.0.22 on SLES 10 SP3 and SP4 and SLED 10 SP3 and SP4 are affected
• Ref: http://www.securityfocus.com/bid/47425/references

• 11.17.8 - CVE: Not Available
• Platform: Cross Platform
• Title: TOTVS ERP Microsiga Protheus Denial of Service
• Description: TOTVS ERP Microsiga Protheus is an application server. The software is exposed to a denial of service issue due to a memory corruption error. User-supplied input passed as an unspecified "size" parameter is used in a "memmove()" function without adequate validation. TOTVS ERP Microsiga Protheus version 8 and 10 are affected.
• Ref: http://www.securityfocus.com/archive/1/517465

• 11.17.9 - CVE: Not Available
• Platform: Cross Platform
• Title: SAP GUI "saplogon.ini" File Buffer Overflow
• Description: SAP GUI is a client interface for accessing various SAP applications. The software is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. SAP GUI version 7.1 and 7.2 are affected, other versions may also be affected.
• Ref: http://dsecrg.com/pages/vul/show.php?id=317

• 11.17.10 - CVE: CVE-2011-1095
• Platform: Cross Platform
• Title: "glibc" Library Local Privilege Escalation
• Description: glibc is an implementation of the GNU C library. The library is exposed to a local privilege escalation issue because it fails to perform adequate boundary checks on user-supplied data. glibc versions before 2.13 are affected.
• Ref: http://sourceware.org/bugzilla/show_bug.cgi?id=11904

• 11.17.11 - CVE: CVE-2011-1302,CVE-2011-1301,CVE-2011-130010.0.648.205 are affected.
• Platform: Cross Platform
• Title: Google Chrome Multiple Memory Corruption and Heap Overflow
• Description: Google Chrome is a web browser for multiple platforms. The software is exposed to multiple security issues. An off-by-three memory corruption issue affects the GPU process. A use-after-free memory corruption issue affects the GPU process. A heap-based overflow issue affects the GPU process. Google Chrome Versions prior to Chrome
• Ref: http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

• 11.17.12 - CVE: CVE-2011-1142
• Platform: Cross Platform
• Title: Wireshark Multiple Denial of Service and Buffer Overflow
• Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to multiple remote issues. A denial of service issue affects the NFS dissector. A denial of service issue affects the X.509if dissector. A buffer overflow issue affects the DECT dissector. Wireshark versions 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4 are affected.
• Ref: http://www.wireshark.org/security/wnpa-sec-2011-06.html

• 11.17.13 - CVE: CVE-2011-1589
• Platform: Cross Platform
• Title: Mojolicious Directory Traversal
• Description: Mojolicious is a web framework for the PERL programming language. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Mojolicious versions prior to 1.16 are affected.
• Ref: http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes

• 11.17.14 - CVE: CVE-2011-1717
• Platform: Cross Platform
• Title: Skype Insecure File Permissions Information Disclosure
• Description: Skype is a peer-to-peer communications application that supports Internet based voice communications. The software for Android is exposed to an information disclosure issue because the application sets insecure file permissions on the cached profile information. All versions of Skype for Android are affected.
• Ref: http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html

• 11.17.15 - CVE: CVE-2011-0935
• Platform: Cross Platform
• Title: Cisco IOS PKI Functionality Security Bypass
• Description: Cisco IOS is network infrastructure software. The software is exposed to a security bypass issue because of a failure to properly prevent permanent caching of certain public keys in its PKI functionality. Cisco IOS version 15.0 and 15.1 are affected.
• Ref: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.ht
  ml , http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html

• 11.17.16 - CVE: CVE-2011-1421
• Platform: Cross Platform
• Title: EMC NetWorker Unspecified File Remote Code Execution
• Description: EMC NetWorker is a centralized data protection system available for multiple operating systems. The software is exposed to a potential issue due to incorrect permissions in certain unspecified files. EMC NetWorker 7.6.x and 7.5.x are affected.
• Ref: http://www.securityfocus.com/archive/1/517532

• 11.17.17 - CVE: CVE-2011-0286
• Platform: Web Application - Cross Site Scripting
• Title: BlackBerry Enterprise Server Web Desktop Manager Component Cross-Site Scripting
• Description: Blackberry Enterprise Server is communications middleware for Research In Motion Blackberry devices. The software is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. BlackBerry Enterprise Server before 5.0.2 MR5 and 5.0.3 before MR1 are affected.
• Ref: http://www.blackberry.com/btsc/dynamickc.do?externalId=KB26296&sliceID=1&
  ;command=show&forward=nonthreadedKC&kcId=KB26296

• 11.17.18 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: SAP Netweaver Multiple Unspecified Cross-Site Scripting and Information Disclosure Vulnerabilities
• Description: SAP NetWeaver is an integration platform for enterprise applications. The software is exposed to a cross-site scripting issue and an information disclosure issue. NetWeaver up to 7.30 and SAP Web Application Server up to 7.0.10 are affected
• Ref: http://www.securityfocus.com/bid/47391/info

• 11.17.19 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Atlassian Confluence Multiple Cross-Site Scripting
• Description: Atlassian Confluence is a web application. The application is vulnerable to multiple cross-site scripting issues due to improper sanitization of user-supplied input to the "document" and "Table of Contents" macros. Atlassian Confluence versions 2.7 through 3.4.5 and versions 2.9 through 3.4.8 are affected.
• Ref: http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2011-01
  -18 http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2011-03
  -24

• 11.17.20 - CVE: CVE-2011-1422
• Platform: Web Application - Cross Site Scripting
• Title: EMC Adaptive Authentication Flash Shockwave File Cross Domain Scripting
• Description: EMC Adaptive Authentication is an authentication platform. The software is exposed to a cross-domain scripting issue. Adaptive Authentication (On-Premise) versions 2.x, 5.7.x and 6.x are affected.
• Ref: http://www.securityfocus.com/archive/1/517534

• 11.17.21 - CVE: CVE-2011-0898,CVE-2011-0897, CVE-2011-1534
• Platform: Web Application - Cross Site Scripting
• Title: HP Network Node Manager i Unspecified Cross Site Scripting and Unauthorized Access
• Description: HP OpenView Network Node Manager i (NNMi) is a fault management application for IP networks. The software is exposed to the following issues: an unspecified cross-site scripting issue because it fails to adequately sanitize user-supplied input, a local unauthorized access issue caused by an unspecified error and a local security-bypass issue. HP Open View Network Node Manager i version 9.00 is affected.
• Ref: http://www.securityfocus.com/archive/1/517471

• 11.17.22 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TinyBB "viewthread.php" SQL Injection Vulnerability
• Description: TinyBB is a bulletin board application implemented in PHP. The software is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "post" parameter of the "inc/viewthread.php"script.TinyBB 1.4 is affected.
• Ref: http://www.securityfocus.com/bid/47346/info

• 11.17.23 - CVE: CVE-2010-3260
• Platform: Web Application
• Title: Orbeon Forms XML Injection
• Description: Orbeon Forms is a web-based application used to build and deploy web forms. The application is exposed to an XML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Orbeon Forms versions prior to 3.9 are affected.
• Ref: http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39#TOC-Security

• 11.17.24 - CVE:CVE-2011-1690,CVE-2011-1689,CVE-2011-1688,CVE-2011-1687,CVE-2011-1686,CVE-2011-1685
• Platform: Web Application
• Title: RT Multiple Remote Vulnerabilities
• Description: RT (Request Tracker) is a bug tracking application. RT is exposed to multiple remote vulnerabilities. RT Versions prior to 3.6.11 and 3.8.10 are affected.
• Ref: http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

• 11.17.25 - CVE: Not Available
• Platform: Web Application
• Title: MyBB Information Disclosure and SQL Injection
• Description: MyBB is a PHP-based forum application. MyBB is exposed to an SQL injection issue.and an information disclosure issue. MyBB versions prior to 1.6.3 and 1.4.16 are affected.
• Ref: http://blog.mybb.com/2011/04/17/mybb-1-6-3-and-1-4-16-security-update/

• 11.17.26 - CVE: Not Available
• Platform: Hardware
• Title: Technicolor THOMSON TG585v7 Wireless Router "url" Parameter Cross-Site Scripting
• Description: THOMSON TG585v7 is a wireless router device. The device is exposed to a cross-site scripting issue because its web interface fails to properly sanitize user-supplied input. Firmware versions prior to 8.2.7.6 are affected.
• Ref: http://www.securityfocus.com/archive/1/517526

(c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/