
@RISK: The Consensus Security Vulnerability Alert

Volume: X, Issue: 4
January 21, 2011

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                   Number of Updates and Vulnerabilities
- ------------------------                 -------------------------------------
Third Party Windows Apps                   3
Cross Platform                             13 (#1)
Web Application - Cross Site Scripting     3
Web Application - SQL Injection            2
Web Application                            3

************************** Sponsored By SANS ****************************

Take the 7th Annual Log Management Survey and be entered to win a $250 American Express Gift card. This comprehensive survey has become a leading indicator of how well log management and automation helps organizations with their security and compliance needs. To take our survey, follow this link: http://www.sans.org/info/69063

*************************************************************************

TRAINING UPDATE

- -- SANS Security East 2011, New Orleans, LA, January 20-27, 2011 12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments; and Future Trends in Network Security http://www.sans.org/security-east-2011/

- -- SANS 2011, Orlando, FL, March 27-April 4, 2011 39 courses. Bonus evening presentations and special events include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat; and Law and the Public's Perception of Data Security http://www.sans.org/sans-2011/

- -- "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Learn the answers in Orlando in March: http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

- -- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011 http://www.sans.org/north-american-scada-2011/

- -- SANS Phoenix 2011, Phoenix, AZ, February 25-March 2, 2011 6 courses. Bonus evening presentations and special events include Indicators of Compromise: ABCs of IOCs and Network Vulnerability Exploitation, Step By Step From Discovery through to Metasploit Module http://www.sans.org/phoenix-2011/

- -- SANS AppSec 2011: Summit & Training, San Francisco, CA, March 7-14, 2011 7 courses. Bonus evening presentations and special events includes The Road to Sustainable Security http://www.sans.org/appsec-2011/

- -- 2011 Asia Pacific SCADA and Process Control Summit, Sydney, Australia, March 31-April 7, 2011 http://www.sans.org/sydney-scada-2011/

- -- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, Bangalore, Singapore, Wellington and Barcelona all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

****************************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application

    *************************** Sponsored Links: *******************************

    1) Register for the North American SCADA conference http://www.sans.org/info/69068 in Lake Buena Vista, Florida and hear industry experts discuss their solutions to secure SCADA & other control systems. Sign up by February 9 and receive a $400 discount

    2) Find out how to prevent control systems cyber-attacks at the Asia Pacific SCADA and Process Control Summit, http://www.sans.org/info/69073 March 31 - April 7 in Sydney, Australia.

    ****************************************************************************

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    Widely Deployed Software
    • (1) HIGH: Google Chrome Multiple Security Vulnerabilities
    • Affected:
      • Google Chrome prior to 8.0.552.237
    • Description: Google has released an update addressing multiple security vulnerabilities in its web browser, Google Chrome. The vulnerabilities include several stale-pointer, memory-corruption, and buffer-overflow bugs. Google has not published technical details of the individual bugs, but flaws of these classes are likely to allow code execution on a target's machine in the context of the browser. Browser bugs like these typically require a target to navigate to a malicious site, or to a legitimate site that embeds attacker-controlled content. Notably, with this update Google awarded its highest bounty ever for a Chrome bug, for a stale pointer in its speech handling.
    • Status: vendor confirmed, updates available
    • References:
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 4, 2011

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10839 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
    ______________________________________________________________________


    • 11.4.1 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Blackmoon FTP "Port" Command Buffer Overflow
    • Description: Blackmoon FTP is an FTP server for Windows. The application is exposed to a buffer overflow issue because it fails to bounds check the argument of the "PORT" command. Specifically, the issue occurs when a client issues a "PORT" command with an overly large string as its argument; a valid argument is six decimal byte values separated by commas and is never more than 23 characters long. Blackmoon FTP version 3.1 Release 6 is affected.
    • Ref: http://www.securityfocus.com/bid/45814
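    The following is an added example, not Blackmoon FTP code or an exploit for it: a strict parser for the FTP "PORT" argument of the form RFC 959 specifies (h1,h2,h3,h4,p1,p2), which rejects an oversized or malformed string before it is touched, plus a scan over constructed FTP control-channel log lines that flags any "PORT" command whose argument fails that check. The log line format ("client command args") and the sample lines are assumptions made up for the example.

```python
# Added example (not Blackmoon FTP code): strict FTP PORT argument parsing and
# a detection pass over constructed FTP control-channel log lines.
# RFC 959 defines the PORT argument as "h1,h2,h3,h4,p1,p2", six decimal byte
# values, so a well-formed argument is never longer than 23 characters.
import re

MAX_PORT_ARG_LEN = 23                      # len("255,255,255,255,255,255")
PORT_RE = re.compile(r"^(\d{1,3})(?:,(\d{1,3})){5}$")

def parse_port_arg(arg: str):
    """Return (ip, port) for a valid PORT argument; raise ValueError otherwise.
    The length check runs first, so an oversized string is rejected before
    any parsing (the check the vulnerable server lacks)."""
    if len(arg) > MAX_PORT_ARG_LEN:
        raise ValueError(f"PORT argument too long ({len(arg)} bytes)")
    if not PORT_RE.match(arg):
        raise ValueError("PORT argument is not h1,h2,h3,h4,p1,p2")
    octets = [int(x) for x in arg.split(",")]
    if any(o > 255 for o in octets):
        raise ValueError("PORT byte value out of range")
    h1, h2, h3, h4, p1, p2 = octets
    port = (p1 << 8) | p2
    if port == 0:
        raise ValueError("PORT data port 0 is not usable")
    return f"{h1}.{h2}.{h3}.{h4}", port

# Constructed log lines (assumed format: "<client> <command line>"); the last
# one imitates the oversized PORT argument the advisory describes.
SAMPLE_LOG = [
    "10.0.0.5 USER anonymous",
    "10.0.0.5 PORT 10,0,0,5,4,1",
    "10.0.0.5 LIST",
    "10.0.0.9 PORT 10,0,0,9,0,0",
    "192.0.2.7 PORT " + "A" * 2000,
]

def scan_ftp_log(lines):
    """Return [(client, reason)] for every PORT command whose argument fails
    parse_port_arg(); all other commands are ignored."""
    findings = []
    for line in lines:
        client, _, cmdline = line.partition(" ")
        verb, _, arg = cmdline.partition(" ")
        if verb.upper() != "PORT":
            continue
        try:
            parse_port_arg(arg)
        except ValueError as exc:
            findings.append((client, str(exc)))
    return findings

if __name__ == "__main__":
    for client, reason in scan_ftp_log(SAMPLE_LOG):
        print(f"suspicious PORT from {client}: {reason}")
```

    The same length-first rule applies to any fixed-format command argument: decide the maximum legal size from the protocol definition, compare the raw length against it, and only then parse. The scan is a coarse indicator (it will also flag broken clients), but an argument thousands of bytes long on the FTP control channel has no legitimate use.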

    • 11.4.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: eXtremeMP3 Player ".m3u" File Buffer Overflow
    • Description: eXtremeMP3 Player is a multimedia player available for Microsoft Windows. eXtremeMP3 Player is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing an ".m3u" file. eXtremeMP3 Player version 2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/45816

    • 11.4.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Kingsoft Antivirus "KisKrnl.sys" Driver Denial of Service
    • Description: Kingsoft Antivirus is a security application for Microsoft Windows platforms. Kingsoft Antivirus is exposed to a denial of service issue because the "KisKrnl.sys" driver fails to properly validate user-mode stack pointers passed through its hook of the "KiFastCallEntry" kernel function, allowing a local user to crash the system. Kingsoft Antivirus versions 2011 SP5.2, 2011.1.13.89 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45821

    • 11.4.4 - CVE: CVE-2011-0444, CVE-2011-0445
    • Platform: Cross Platform
    • Title: Wireshark Dissectors Multiple Vulnerabilities
    • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and for UNIX-like operating systems. Wireshark is exposed to multiple issues in its protocol dissectors when handling certain malformed packets; a crafted packet or capture file can crash the application. Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 are affected.
    • Ref: http://www.wireshark.org/security/wnpa-sec-2011-02.html

    • 11.4.5 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Google Chrome prior to 8.0.552.237 Multiple Security Vulnerabilities
    • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple issues. Attackers may exploit these issues to execute arbitrary code in the context of the browser or cause a denial of service. Other attacks are also possible. Chrome versions 8.x prior to 8.0.552.237 are affected.
    • Ref: http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html

    • 11.4.6 - CVE: CVE-2011-0316
    • Platform: Cross Platform
    • Title: IBM WebSphere Application Console Servlets Information Disclosure
    • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. The application is exposed to an information disclosure issue. Specifically, the application incorrectly handles access to console servlets. WAS versions 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 are affected.
    • Ref: http://xforce.iss.net/xforce/xfdb/58557

    • 11.4.7 - CVE: CVE-2011-0314
    • Platform: Cross Platform
    • Title: IBM WebSphere MQ Invalid Message Remote Buffer Overflow
    • Description: IBM WebSphere MQ is a commercially available messaging engine for enterprises. WebSphere MQ is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. WebSphere MQ 6.x (prior to 6.0.2.11) and WebSphere MQ 7.x (prior to 7.0.1.5) are affected.
    • Ref: http://xforce.iss.net/xforce/xfdb/64550

    • 11.4.8 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Objectivity/DB Administration Database Tools Remote Command Execution
    • Description: Objectivity/DB Administration is a database administration tool. Objectivity/DB Administration is exposed to a remote command execution issue that affects several administration tools. Specifically, the application fails to sufficiently authenticate users to the system, allowing attackers to access certain administration tools.
    • Ref: http://www.kb.cert.org/vuls/id/782567

    • 11.4.9 - CVE: Not Available
    • Platform: Cross Platform
    • Title: ICQ Automatic Updates Remote Code Execution
    • Description: ICQ is an instant messaging client. ICQ is exposed to a remote code execution issue because it fails to adequately verify the origin of update data. ICQ 7 is affected.
    • Ref: http://www.kb.cert.org/vuls/id/680540

    • 11.4.10 - CVE: CVE-2010-4530
    • Platform: Cross Platform
    • Title: CCID Card Serial Number Integer Overflow
    • Description: CCID provides a generic USB Chip/Smart Card Interface Device driver for processing smart cards. The application is exposed to an integer overflow issue that occurs in the "ccid_serial.c" file when processing certain values from a smart card serial number. CCID version 1.4.0 is affected.
    • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=664986

    • 11.4.11 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Avira AntiVir Personal Multiple Code Execution Vulnerabilities
    • Description: Avira AntiVir Personal is an antivirus application. Avira AntiVir Personal is exposed to multiple issues. Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges.
    • Ref: http://www.securityfocus.com/bid/45807

    • 11.4.12 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Sybase EAServer Multiple Vulnerabilities
    • Description: Sybase EAServer is an application used for custom deployments. The application is exposed to multiple issues. Sybase EAServer versions 6.3 and earlier are affected.
    • Ref: http://www.sybase.com/detail?id=1091057

    • 11.4.13 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Winlog Pro Malformed Packet Stack Buffer Overflow
    • Description: Winlog Pro is a SCADA/HMI application for monitoring industrial and civil factories. Winlog Pro is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied input. Winlog Pro version 2.07.00 is affected.
    • Ref: http://aluigi.altervista.org/adv/winlog_1-adv.txt

    • 11.4.14 - CVE: CVE-2010-4694
    • Platform: Cross Platform
    • Title: gif2png GIF File Handling Remote Buffer Overflow
    • Description: gif2png is an application for converting image files from GIF to PNG format. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. gif2png versions 2.5.3 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45815

    • 11.4.15 - CVE: CVE-2010-4267
    • Platform: Cross Platform
    • Title: HP Linux Imaging and Printing System SNMP Protocol Remote Code Execution
    • Description: HP Linux Imaging and Printing System (HPLIP) is a Linux-based application for printing, scanning, and faxing with HP inkjet and laser printers. HPLIP is exposed to a remote code execution issue that occurs when an HPLIP tool handles a specially crafted SNMP response, so an attacker who can answer the tool's SNMP queries (for example by impersonating a printer on the local network) can trigger it.
    • Ref: http://www.securityfocus.com/bid/45833

    • 11.4.16 - CVE: Not Available
    • Platform: Cross Platform
    • Title: IBM Tivoli Access Manager for e-business Unspecified Directory Traversal
    • Description: The IBM Tivoli Access Manager for e-business provides central access control for multiple services and applications in an enterprise environment. The IBM Tivoli Access Manager for e-business is exposed to a directory traversal issue because it fails to sufficiently sanitize unspecified user-supplied input to the WebSEAL web server. IBM Tivoli Access Manager for e-business versions 6.1, 6.0 and 5.1 running on AIX, Linux, Solaris, Z/OS and Windows are affected.
    • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24025790

    • 11.4.17 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: LifeType HTTP "Referer" Header Cross-Site Scripting
    • Description: LifeType is a web log application written in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to "index.php" through the HTTP "Referer" header. LifeType version 1.2.10 is affected.
    • Ref: http://www.securityfocus.com/bid/45799

    • 11.4.18 - CVE: CVE-2011-0315
    • Platform: Web Application - Cross Site Scripting
    • Title: IBM WebSphere Application Server Cross-Site Scripting
    • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. WAS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input when a given application does not have an error page defined. WAS versions prior to 7.0.0.15 and 6.1.0.35 are affected.
    • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007951

    • 11.4.19 - CVE: CVE-2010-3931
    • Platform: Web Application - Cross Site Scripting
    • Title: Multiple Rocomotion products Unspecified Cross-Site Scripting
    • Description: Multiple Rocomotion products are prone to an unspecified cross-site scripting issue because they fail to sufficiently sanitize user-supplied data.
    • Ref: http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000006.html

    • 11.4.20 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PHP-Fusion Teams Structure Module SQL Injection
    • Description: PHP-Fusion is a PHP-based content manager; "Teams Structure" is a module for PHP-Fusion. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "team_id" parameter of the "infusions/teams_structure/team.php" script before using it in an SQL query. Teams Structure version 3.0 is affected.
    • Ref: http://www.php-fusion.co.uk/infusions/addondb/view.php?addon_id=120

    • 11.4.21 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Advanced Webhost Billing System "oid" Parameter SQL Injection
    • Description: Advanced Webhost Billing System (AWBS) is an application for managing domains. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "oid" parameter of the "cart" script before using it in an SQL query. AWBS version 2.9.2 is affected.
    • Ref: http://www.securityfocus.com/bid/45827
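    Both entries above share one root cause: a request parameter that is documented as a numeric record id ("team_id", "oid") is spliced into SQL as text. The block below is an added example, not PHP-Fusion or AWBS code, showing the lookup written both ways in Python against an in-memory sqlite3 table (the table, rows and column names are made up for the example). The safe version rejects anything that is not a plain decimal id and then binds the value as a query parameter, so the same input can no longer change the statement.

```python
# Added example (not PHP-Fusion or AWBS code): one record-by-id lookup written
# with string concatenation (the pattern behind the "team_id"/"oid" issues)
# and then with an input check plus a parameterized query.
import re
import sqlite3

def make_db():
    """Constructed stand-in for the application's database."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE teams(team_id INTEGER PRIMARY KEY, name TEXT, secret TEXT);
        INSERT INTO teams VALUES (1, 'Red',  'red-secret');
        INSERT INTO teams VALUES (2, 'Blue', 'blue-secret');
    """)
    return con

def team_name_vulnerable(con, team_id: str):
    # The untrusted request parameter becomes part of the SQL text itself.
    sql = "SELECT name FROM teams WHERE team_id = " + team_id
    return [row[0] for row in con.execute(sql)]

ID_RE = re.compile(r"^\d{1,10}$")

def team_name_safe(con, team_id: str):
    # 1) Input check: the parameter is an integer id, so anything that is not a
    #    short decimal string is refused before it reaches the database.
    if not ID_RE.match(team_id):
        raise ValueError("team_id must be a decimal integer")
    # 2) Parameterized query: the value is bound separately from the SQL text,
    #    so it is always treated as data, never as part of the statement.
    return [row[0] for row in
            con.execute("SELECT name FROM teams WHERE team_id = ?", (int(team_id),))]

if __name__ == "__main__":
    con = make_db()
    payload = "1 OR 1=1"                       # classic boolean injection
    print(team_name_vulnerable(con, payload))  # every row comes back
    print(team_name_safe(con, "1"))            # ['Red']
    try:
        team_name_safe(con, payload)
    except ValueError as e:
        print("rejected:", e)
```

    The input check is not a substitute for parameter binding: binding is what stops the injection, and the check just keeps malformed ids out of the error logs. In PHP the equivalent is a prepared statement with bound parameters rather than quoting or escaping the value into the query string.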

    • 11.4.22 - CVE: Not Available
    • Platform: Web Application
    • Title: glFusion BBCode HTML Injection
    • Description: glFusion is a web-based forum application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, BBCode "img" tags aren't properly sanitized. glFusion version 1.2.1 is affected.
    • Ref: http://www.securityfocus.com/bid/45817

    • 11.4.23 - CVE: Not Available
    • Platform: Web Application
    • Title: Seo Panel Multiple HTML Injection Vulnerabilities
    • Description: SEO Panel is a search engine optimization tool. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data in the "default_news" and "sponsors" cookie parameters before it is rendered by the "controllers/index.ctrl.php" and "controllers/settings.ctrl.php" scripts. Seo Panel version 2.2.0 is affected.
    • Ref: http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/
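    Entries 11.4.17, 11.4.22 and 11.4.23 are all the same mistake seen from three inputs: an HTTP header (Referer), a BBCode "[img]" tag, and cookie values are written into a page without encoding. The block below is an added example, not LifeType, glFusion or Seo Panel code. It renders a header and a cookie value into a page fragment both unencoded and HTML-escaped, and converts BBCode "[img]" tags to "<img>" only when the URL is a plain http(s) URL built from a conservative character set, so it can neither close the attribute early nor smuggle in a "javascript:" scheme. The page fragment, tag syntax and sample inputs are assumptions made up for the example.

```python
# Added example (not LifeType, glFusion or Seo Panel code): output encoding for
# header/cookie values, and URL allow-listing for BBCode [img] tags.
import html
import re
from typing import Optional
from urllib.parse import urlsplit

def render_banner_vulnerable(referer: str, news: str) -> str:
    # Referer header and cookie value are written into the page unchanged.
    return f'<p>You came from <a href="{referer}">{referer}</a></p><div>{news}</div>'

def render_banner_safe(referer: str, news: str) -> str:
    # html.escape(quote=True) also encodes quotes, so the value cannot break
    # out of the href attribute; the text node only needs the default escaping.
    esc = html.escape(referer, quote=True)
    return f'<p>You came from <a href="{esc}">{esc}</a></p><div>{html.escape(news)}</div>'

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
# Unreserved and reserved URI characters from RFC 3986; no quotes, angle
# brackets or whitespace, so nothing here can terminate an HTML attribute.
SAFE_URL_CHARS = re.compile(r"^[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+$")

def safe_image_url(url: str) -> Optional[str]:
    """Return url if it is an absolute http(s) URL made only of safe characters."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if not SAFE_URL_CHARS.match(url):
        return None
    return url

def bbcode_img_to_html(text: str) -> str:
    """Escape the whole post, then replace well-formed [img] tags with <img>.
    A tag whose URL fails the check is shown as literal (escaped) text."""
    out = []
    pos = 0
    for m in IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = safe_image_url(m.group(1).strip())
        if url is None:
            out.append(html.escape(m.group(0)))
        else:
            out.append(f'<img src="{html.escape(url, quote=True)}" alt="">')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)

# Constructed inputs: a Referer that breaks out of the attribute, a cookie value
# carrying a tag, and two [img] tags that try a script URL and attribute injection.
ATTACK_REFERER = 'http://x/"><script>alert(1)</script>'
ATTACK_COOKIE = "<img src=x onerror=alert(1)>"
BBCODE_ATTACK = ('[img]javascript:alert(1)[/img] '
                 '[img]http://x/a.png" onerror="alert(1)[/img]')

if __name__ == "__main__":
    print(render_banner_vulnerable(ATTACK_REFERER, ATTACK_COOKIE))
    print(render_banner_safe(ATTACK_REFERER, ATTACK_COOKIE))
    print(bbcode_img_to_html("[img]http://example.test/a.png[/img]"))
    print(bbcode_img_to_html(BBCODE_ATTACK))
```

    Two design points worth keeping: encode at the point of output, using the escaping that matches the context (attribute vs. text node), rather than trying to "sanitize" the input on the way in; and for any value that becomes a URL, allow-list the scheme and characters instead of searching for known-bad strings. Cookies and request headers are attacker-controlled exactly like query parameters and deserve the same treatment.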


    (c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/