
@RISK: The Consensus Security Vulnerability Alert

Volume: X, Issue: 16
April 28, 2011

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Third Party Windows Apps                  1
Linux                                     1
BSD                                       1
Solaris                                   1
Cross Platform                            17 (#1,#2)
Web Application - Cross Site Scripting    1
Web Application                           4

*********************** Sponsored By Oracle *********************

IN CASE YOU MISSED IT! Tool Talk Webcast: Transparent Data Encryption for Oracle Databases FEATURING: Roxana Bradescu, Oracle's Senior Director of Database Security Products. Go to: http://www.sans.org/info/76638 Sponsored By: Oracle http://www.oracle.com/index.html

Learn how Oracle's transparent data encryption capabilities offer complete encryption for data at rest, in transit, and on backups, along with built-in key management to help organizations meet regulatory requirements and save money.

*****************************************************************

TRAINING UPDATE

-- SANS Security West 2011, San Diego, CA, May 3-12, 2011
23 courses. Bonus evening presentations include The Emerging Security Threat Panel Discussion; and Emerging Trends in Data Law and Investigation
http://www.sans.org/security-west-2011/

-- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011
8 courses. Bonus evening presentations include Windows Exploratory Surgery with Process Hacker and State of the Hack: Stuxnet.
http://www.sans.org/cyber-guardian-2011/

-- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011
7 courses. Bonus evening presentations include SANS Hacklab and Why End Users are Your Weakest Link
http://www.sans.org/rocky-mountain-2011/

-- SANSFIRE 2011, Washington, DC, July 15-24, 2011
40 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
http://www.sans.org/sansfire-2011/

-- SANS Boston 2011, Boston, MA, August 8-15, 2011
12 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls
http://www.sans.org/boston-2011/

-- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Barcelona, Amsterdam, Brisbane, London and Austin all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
*****************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Linux
    BSD
    Solaris
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application

PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    *****************************

    Widely Deployed Software
    • (1) HIGH: Adobe Reader and Acrobat 'CoolType.dll' Memory Corruption Remote Code Execution Vulnerability
    • Affected:
      • Adobe Reader X (10.0.1) and earlier versions for Windows
      • Adobe Reader X (10.0.2) and earlier versions for Macintosh
      • Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh
    • Description: Adobe has released patches addressing multiple security vulnerabilities in Reader and Acrobat, and reports that one of the vulnerabilities covered by the bulletin is being actively exploited in the wild. The issue highlighted here is a memory corruption in CoolType.dll (CVE-2011-0610), the font-rasterization library Reader uses to draw text on screen. Because CoolType runs whenever a PDF's text is rendered, a malicious file needs no special feature to reach the vulnerable code: enticing a target to open a crafted PDF is enough for an attacker to execute arbitrary code on the target's machine.

    • Status: vendor confirmed, updates available

    • References:
      • Adobe Security Bulletin APSB11-08: http://www.adobe.com/support/security/bulletins/apsb11-08.html
    • (2) HIGH: Oracle Database Server Multiple Vulnerabilities
    • Affected:
      • Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
      • Oracle Database 11g Release 1, version 11.1.0.7
      • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
      • Oracle Database 10g Release 1, version 10.1.0.5
    • Description: Oracle's April 2011 Critical Patch Update addresses multiple security vulnerabilities across its products, several of which could be used by an attacker to execute arbitrary code. Two separate, unspecified issues in Oracle Database Server could allow remote, unauthenticated attackers to execute arbitrary code on the target machine. Note that Oracle also lists the old TLS renegotiation vulnerability (CVE-2009-3555) as a code-execution issue. That flaw lets an attacker with full control of a connection splice in a renegotiation so that the server treats attacker-chosen data as a prefix of the first application data the client sends after the handshake. Whether this can be turned into arbitrary code execution on a machine running Oracle Fusion Middleware is unclear, as no details are available.

    • Status: vendor confirmed, updates available

    • References:
      • Oracle Critical Patch Update Advisory - April 2011: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 16, 2011

    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 11190 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
    ______________________________________________________________________


    • 11.18.1 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Kaspersky Administration Kit "SMBRelay" Remote Code Execution
    • Description: Kaspersky Administration Kit is the centralized administration tool for Kaspersky products. The software is exposed to a remote code execution issue. When the "Scan IP subnets" function is enabled, the application connects to hosts on the scanned subnets over SMB using its service account, so a host on those subnets that answers the connection can relay the service account's authentication (an SMBRelay attack) and gain access under that account. Enforcing SMB signing on the hosts a relayed session would be directed at defeats the relay. Kaspersky Administration Kit versions from 6.0 onward are affected.
    • Ref: http://www.securityfocus.com/bid/47563/info

    • 11.18.2 - CVE: CVE-2011-0729
    • Platform: Linux
    • Title: Ubuntu language-selector Local Privilege Escalation
    • Description: The Ubuntu language-selector is the application used to choose system and user languages on Ubuntu Linux. The application is exposed to a local privilege escalation issue because its D-Bus backend improperly checks for PolicyKit authorizations, so an unprivileged local user can invoke operations that should require authorization. language-selector versions prior to 0.6.7 are affected.
    • Ref: https://launchpad.net/ubuntu/+source/language-selector/0.6.7

    • 11.18.3 - CVE: CVE-2011-1739
    • Platform: BSD
    • Title: FreeBSD Network ACL mishandling in mountd(8)
    • Description: FreeBSD is an operating system. FreeBSD is exposed to a security bypass issue in the "mountd" daemon, which enforces the host and network access lists for NFS exports. When the service parses the exports table, a network entry whose prefix length is not a multiple of 8 bits (for example /23 or /25) results in an incorrect Access Control List entry, so access may be granted to, or withheld from, hosts the administrator did not intend. All supported versions of FreeBSD are affected.
    • Ref: http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc
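    The following is an added example written for this bulletin; it is not taken from FreeBSD's mountd source and does not reproduce the actual defect, whose mechanics the advisory does not give here. It shows why a prefix length that is not byte-aligned needs bit-level handling: mask_bytewise is an illustrative wrong builder that drops the non-aligned bits, mask_bitwise is the correct form, and audit_exports lists the clients the wrong mask would admit that the correct one would not. The exports entries and client addresses are constructed sample data.

```python
import ipaddress


def mask_bytewise(prefix):
    """Illustrative WRONG mask builder (not mountd's code): it fills whole
    octets only, so the bits of a prefix that is not a multiple of 8 are
    dropped (/23 becomes /16, /25 becomes /24).  The ACL entry it yields
    covers a wider network than the administrator wrote."""
    mask = 0
    for i in range(prefix // 8):
        mask |= 0xFF << (24 - 8 * i)
    return mask


def mask_bitwise(prefix):
    """Correct mask builder: a /n prefix is n leading one bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length out of range: %r" % prefix)
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def to_int(addr):
    """Dotted-quad string to host-order integer; rejects malformed input."""
    return int(ipaddress.IPv4Address(addr))


def client_allowed(client, network, prefix, mask_fn=mask_bitwise):
    """True if client lies inside network/prefix under the given mask builder."""
    mask = mask_fn(prefix)
    return (to_int(client) & mask) == (to_int(network) & mask)


def audit_exports(entries, clients, mask_fn):
    """List (client, entry) pairs that mask_fn would admit but a correct mask
    would not: the hosts an incorrect ACL entry silently grants access to."""
    extra = []
    for network, prefix in entries:
        entry = "%s/%d" % (network, prefix)
        for client in clients:
            if (client_allowed(client, network, prefix, mask_fn)
                    and not client_allowed(client, network, prefix)):
                extra.append((client, entry))
    return extra


# Constructed sample data: three exports-style network entries, two of them
# with prefix lengths that do not fall on an octet boundary, and some clients.
EXPORTS = [("192.0.2.0", 25), ("198.51.100.0", 23), ("203.0.113.0", 24)]
CLIENTS = ["192.0.2.10", "192.0.2.200", "198.51.100.77",
           "198.51.102.5", "203.0.113.9", "203.0.114.9"]

if __name__ == "__main__":
    for client, entry in audit_exports(EXPORTS, CLIENTS, mask_bytewise):
        print("%s wrongly admitted by byte-granular mask for %s" % (client, entry))
```

    Run stand-alone it reports 192.0.2.200 admitted to 192.0.2.0/25 and 198.51.102.5 admitted to 198.51.100.0/23; the /24 entry is unaffected because it is byte-aligned, which is exactly why such a bug survives testing with the common /8, /16 and /24 entries.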

    • 11.18.4 - CVE: CVE-2011-0790, CVE-2011-0800, CVE-2011-0801, CVE-2011-0812, CVE-2011-0813, CVE-2011-0820, CVE-2011-0821, CVE-2011-0829, CVE-2011-0839, CVE-2011-0841
    • Platform: Solaris
    • Title: Oracle Solaris Multiple Vulnerabilities
    • Description: Oracle Solaris is an operating system. The software is exposed to multiple security issues. Multiple remote security issues affect the "Kernel" and "TCP/IP" sub components. Multiple local security issues affect the "cp", "LOFS", "Kernel", "uucp", "Kernel/SPARC", "wbem" and "Administration Utilities" sub components. Oracle Solaris versions 8, 9, 10 and 11 Express are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.5 - CVE: CVE-2011-0799, CVE-2011-0792, CVE-2011-0804, CVE-2011-0805, CVE-2011-0793, CVE-2011-0785
    • Platform: Cross Platform
    • Title: Oracle Database Server Multiple Remote Vulnerabilities
    • Description: Oracle Database Server is exposed to multiple issues. A remote issue exists in Oracle Warehouse Builder over the "Oracle Net" protocol. A remote vulnerability exists in UIX. A remote issue exists in Database Vault. A remote vulnerability exists in Oracle Help. Affected versions include Oracle Database Server 11.2.0.2, 10.2.0.3, and 10.1.0.5; see the reference for the complete list.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.6 - CVE: CVE-2011-0807
    • Platform: Cross Platform
    • Title: Oracle Sun GlassFish/Java System Application Server Remote Vulnerability
    • Description: Oracle Sun GlassFish/Java System Application Server is exposed to a remote issue in the "Administration" sub component. Oracle Sun GlassFish/Java System Application Server versions 2.1, 2.1.1, 3.0.1 and 9.1 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.7 - CVE: CVE-2011-0808, CVE-2011-0794
    • Platform: Cross Platform
    • Title: Oracle Fusion Middleware Local Oracle Outside In Technology Multiple Vulnerabilities
    • Description: Oracle Fusion Middleware is exposed to multiple local issues in Oracle Outside In Technology, in the "Outside In Filters" and "Outside In File ID SDK" sub components. Oracle Outside In Technology versions 8.3.2.0 and 8.3.5.0 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.8 - CVE: CVE-2011-0791, CVE-2011-0796, CVE-2011-0797, CVE-2011-0809
    • Platform: Cross Platform
    • Title: Oracle E-Business Suite Multiple Vulnerabilities
    • Description: Oracle E-Business Suite is exposed to multiple issues. A remote issue exists in Application Object Library. A local issue exists in Applications Install. A remote issue exists in Web ADI. Oracle E-Business Suite versions 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.9 - CVE: CVE-2011-0858, CVE-2011-0859, CVE-2011-0853, CVE-2011-0854, CVE-2011-0860, CVE-2011-0857
    • Platform: Cross Platform
    • Title: Oracle PeopleSoft Enterprise HRMS Multiple Remote Vulnerabilities
    • Description: Oracle PeopleSoft Enterprise HRMS is exposed to multiple remote issues, one in each of the "Talent Acquisition Manager", "Global Payroll - North America", "ePerformance", "Global Payroll - Spain" and "Pension Administration" sub components. Oracle PeopleSoft Enterprise HRMS versions 9.0 Bundle #15, 9.0 Tax Update 11-B, 9.1 Tax Update 11-B and 9.1 Bundle #5 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.10 - CVE: CVE-2011-0825, CVE-2011-0824, CVE-2011-0803, CVE-2011-0810, CVE-2011-0819, CVE-2011-0836
    • Platform: Cross Platform
    • Title: Oracle JD Edwards EnterpriseOne Tools Multiple Vulnerabilities
    • Description: Oracle JD Edwards EnterpriseOne Tools is exposed to multiple remote issues in the "Enterprise Infrastructure SEC" and "Web Runtime SEC" sub components. Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.11 - CVE: CVE-2011-0850
    • Platform: Cross Platform
    • Title: Oracle PeopleSoft Enterprise CRM Remote Vulnerability
    • Description: Oracle PeopleSoft Enterprise CRM is exposed to a remote issue in the "Order Capture" sub component. PeopleSoft Enterprise CRM 8.9 Bundle #41 is affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.12 - CVE: CVE-2011-0827
    • Platform: Cross Platform
    • Title: Oracle PeopleSoft Enterprise PeopleTools Remote Vulnerability
    • Description: Oracle PeopleSoft Enterprise is exposed to a remote issue in the "PeopleTools" sub component. Oracle PeopleSoft Enterprise PeopleTools versions 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.13 - CVE: CVE-2011-0851
    • Platform: Cross Platform
    • Title: Oracle PeopleSoft Enterprise ELS Remote Vulnerability
    • Description: Oracle PeopleSoft Enterprise ELS is exposed to a remote issue in the "Enterprise Learning Mgmt" sub component. Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.15 - CVE: CVE-2011-0795,CVE-2011-0789
    • Platform: Cross Platform
    • Title: Oracle Application Server Multiple Remote Security Vulnerabilities
    • Description: Oracle Application Server is exposed to multiple remote issues in Single Sign On. See reference for complete details. Oracle Application Server 10.1.2.3 is affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.16 - CVE: CVE-2011-0843,CVE-2011-0834,CVE-2011-0833
    • Platform: Cross Platform
    • Title: Oracle Siebel CRM Core Multiple Remote Vulnerabilities
    • Description: Oracle Siebel is exposed to multiple remote issues in Siebel CRM Core. A remote issue exists in the "Globalization - Automotive" sub component. A remote issue exists in the "UIF Client" sub component. Oracle Siebel versions 7.8.2, 8.0.0 and 8.1.1 are affected.
    • Ref: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

    • 11.18.17 - CVE: CVE-2011-1536
    • Platform: Cross Platform
    • Title: HP Performance Insight Unspecified Information Disclosure
    • Description: HP Performance Insight is an application for managing network data. The application is exposed to an unspecified information disclosure issue. HP Performance Insight versions 5.0, 5.1x, 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 are affected.
    • Ref: http://www.securityfocus.com/bid/47522/info

    • 11.18.18 - CVE: CVE-2011-0610
    • Platform: Cross Platform
    • Title: Adobe Reader and Acrobat "CoolType.dll" Memory Corruption Remote Code Execution
    • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue due to an unspecified memory corruption issue in the CoolType library ("cooltype.dll"). Adobe Reader X (10.0.1) and earlier for Windows, Adobe Reader X (10.0.2) and earlier for Macintosh and Adobe Acrobat X (10.0.2) and earlier for Windows and Macintosh are affected.
    • Ref: http://www.adobe.com/support/security/bulletins/apsb11-08.html

    • 11.18.19 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Google Chrome CSS Handling Status Bar Spoofing
    • Description: Google Chrome is a web browser. The software is exposed to a weakness that may allow an attacker to obfuscate a malicious link: when certain Cascading Style Sheets are applied, the domain name the browser displays in its status bar for a link does not match the link's actual destination. Google Chrome version 10.0.648.205 is affected; other versions may also be affected.
    • Ref: http://xeyeteam.appspot.com/2011/04/15/IE-Chrome-Firefox-Status-Bar-Spoofing-Vulnerability.html

    • 11.18.20 - CVE: CVE-2011-1725
    • Platform: Cross Platform
    • Title: HP Network Automation Unspecified Information Disclosure
    • Description: HP Network Automation is an application for automating network device configuration management. The application is exposed to an unspecified information disclosure issue. HP Network Automation versions 7.2, 7.5, 7.6, 9.0 and 9.10 are affected.
    • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02789514

    • 11.18.21 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Real Networks RealPlayer "ieframe.dll" Remote Code Execution
    • Description: Real Networks RealPlayer is a media player available for multiple platforms. The application is exposed to a remote code execution issue because of an error in its internal browser component, the "ieframe.dll" library loaded by "realplayer.exe". RealPlayer 11 is affected; other versions may also be affected.
    • Ref: http://www.securityfocus.com/bid/47565/discuss

    • 11.18.22 - CVE: CVE-2011-1727,CVE-2011-1726
    • Platform: Web Application - Cross Site Scripting
    • Title: HP SiteScope Cross-Site Scripting and HTML Injection
    • Description: HP SiteScope is an agentless monitoring application. The application is exposed to a cross-site scripting issue and an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected.
    • Ref: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02807712

    • 11.18.23 - CVE: CVE-2011-1718
    • Platform: Web Application
    • Title: Computer Associates SiteMinder User Impersonation
    • Description: Computer Associates SiteMinder is a web access management product; its Web Agents enforce authentication in front of protected applications. The Web Agents are exposed to a user impersonation issue because they fail to properly handle HTTP headers that span multiple lines, so a specially crafted request can be attributed to a user other than the one who sent it. CA SiteMinder R6 Web Agents prior to R6 SP6 CR2 and CA SiteMinder R12 Web Agents prior to R12 SP3 CR2 are affected.
    • Ref: http://community.ca.com/blogs/casecurityresponseblog/archive/tags/CVE-2011-1718/default.aspx
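    The entry does not say how multi-line header handling leads to impersonation. The added example below, written for this bulletin and not CA's code, shows the general hazard with HTTP header line folding: three parsers given the same constructed request disagree about whether it carries an identity header, and only the strict one refuses to guess. The header name X-Authenticated-User, and the premise that an application behind a front-end agent trusts such a header, are assumptions made for the example.

```python
import re

# Assumed for this example: the name of a header that a front-end agent sets
# after authenticating the user and that the application behind it trusts.
IDENTITY_HEADER = "x-authenticated-user"

# RFC 7230 token characters, the only ones allowed in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


class HeaderError(ValueError):
    """Raised by parse_strict for any request it will not vouch for."""


def _header_lines(raw):
    """Header lines of a raw HTTP/1.x request, request line dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")[1:]


def parse_naive(raw):
    """Treats every line as 'Name: value' after stripping whitespace, so a
    folded continuation line is promoted to a header of its own."""
    headers = {}
    for line in _header_lines(raw):
        name, _, value = line.strip().partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_folding(raw):
    """Follows the older RFC 2616 rule: a line starting with SP or HTAB
    continues the previous header's value."""
    headers = {}
    last = None
    for line in _header_lines(raw):
        if line[:1] in (" ", "\t") and last is not None:
            headers[last][-1] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return headers


def parse_strict(raw):
    """Rejects obs-fold outright (RFC 7230 permits a 400 for it), rejects
    malformed names, and refuses a client-supplied copy of the identity
    header, so no two components can read the request differently."""
    headers = {}
    for line in _header_lines(raw):
        if line[:1] in (" ", "\t"):
            raise HeaderError("folded header line rejected: %r" % line)
        name, sep, value = line.partition(":")
        if not sep or not _TOKEN.fullmatch(name):
            raise HeaderError("malformed header line: %r" % line)
        lname = name.lower()
        if lname == IDENTITY_HEADER:
            raise HeaderError("client may not set %s" % name)
        headers.setdefault(lname, []).append(value.strip())
    return headers


# Constructed sample requests, not captured traffic.  FOLDED carries the
# identity header as a continuation line of the Cookie header.
BENIGN = (
    "GET /app HTTP/1.1\r\n"
    "Host: portal.example\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
)
FOLDED = (
    "GET /app HTTP/1.1\r\n"
    "Host: portal.example\r\n"
    "Cookie: session=abc123\r\n"
    " X-Authenticated-User: admin\r\n"
    "\r\n"
)


def demo():
    """Identity each parser attributes to FOLDED: the naive parser sees a
    user, the folding parser sees none, the strict parser rejects."""
    naive = parse_naive(FOLDED).get(IDENTITY_HEADER)
    folding = parse_folding(FOLDED).get(IDENTITY_HEADER)
    try:
        parse_strict(FOLDED)
        strict = "accepted"
    except HeaderError:
        strict = "rejected"
    return naive, folding, strict


if __name__ == "__main__":
    print(demo())
```

    The point of the three parsers is the disagreement: a component that folds the line sees only a Cookie header and forwards the request, while a component that splits on lines sees an identity header it did not set. Rejecting folded lines at the first trust boundary removes the ambiguity before any downstream parser can resolve it the attacker's way.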

    • 11.18.24 - CVE: CVE-2011-1543, CVE-2011-1542
    • Platform: Web Application
    • Title: HP Systems Insight Manager Multiple Vulnerabilities
    • Description: HP Systems Insight Manager is a tool for managing HP servers. The application is exposed to an unspecified cross-site request forgery issue because it fails to properly validate HTTP requests, and to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Systems Insight Manager versions prior to 6.3 are affected.
    • Ref: http://www.securityfocus.com/archive/1/517607

    • 11.18.25 - CVE: CVE-2011-1539, CVE-2011-1538, CVE-2011-1537
    • Platform: Web Application
    • Title: HP ProLiant Support Pack Multiple Unspecified Security Vulnerabilities
    • Description: HP ProLiant Support Packs are bundles of drivers, utilities, and management agents for HP ProLiant servers. The software is exposed to multiple issues: an unspecified cross-site scripting issue and an unspecified URI redirection issue, both because it fails to adequately sanitize user-supplied input, and an information disclosure issue due to an unspecified error. HP ProLiant Support Pack versions prior to 8.7 running on Linux and Windows are affected.
    • Ref: http://www.securityfocus.com/archive/1/517598

    • 11.18.26 - CVE: CVE-2011-1545, CVE-2011-1544
    • Platform: Web Application
    • Title: HP Insight Control Multiple Unspecified Security Vulnerabilities
    • Description: HP Insight Control is a server management application. The application is exposed to multiple security issues including: an unspecified cross-site request forgery issue exists because the application fails to properly validate HTTP requests and an unspecified remote code execution issue. HP Insight Control versions prior to 6.3 are affected.
    • Ref: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02748970

    (c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/