@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) HIGH: Adobe Flash Player Multiple Vulnerabilities
• (2) MEDIUM: Google Chrome Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 12.10.1 - NetDecision HTTP Server Stack-Based Buffer Overflow
• 12.10.2 - Novell Groupwise Client Address Book Parsing Remote Code Execution
• 12.10.3 - IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution
• 12.10.4 - FlashFXP Multiple Buffer Overflow Vulnerabilities
• 12.10.5 - Splash PRO ".avi" File Denial of Service
• 12.10.6 - TwinCAT Scope Heap Based Buffer Overflow
• 12.10.7 - XArrow Multiple Remote Denial of Service Vulnerabilities

Linux

• 12.10.8 - LightDM Arbitrary File Access

Cross Platform

• 12.10.9 - Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
• 12.10.10 - Parallels Plesk Panel Unspecified Remote Security Vulnerability
• 12.10.11 - Google Chrome Multiple Security Vulnerabilities
• 12.10.12 - Novell ZENworks Configuration Management Unspecified Vulnerability
• 12.10.13 - Adobe Flash Player Multiple Vulnerabilities
• 12.10.14 - RSA SecurID Software Token Converter Buffer Overflow
• 12.10.15 - FreeType Multiple Remote Vulnerabilities

Web Application - Cross Site Scripting

• 12.10.16 - ZB BLOCK Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

• 12.10.17 - OpenX "sessionID" SQL Injection

Web Application

• 12.10.18 - LDAP Account Manager Pro Cross Site Scripting and HTML Injection Vulnerabilities
• 12.10.19 - CMS Builder Multiple HTML Injection Vulnerabilities
• 12.10.20 - Open Realty "select_users_template" Parameter Local File Include
• 12.10.21 - Symfony2 XML Parsing Local File Disclosure
• 12.10.22 - MantisBT Multiple Security Bypass Vulnerabilities

Network Device

• 12.10.23 - Cisco Wireless LAN Controller Multiple Vulnerabilities

Hardware

• 12.10.24 - Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

*************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2012

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 13467 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 12.10.1 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: NetDecision HTTP Server Stack-Based Buffer Overflow
• Description: NetDecision is an integrated network, system, application and datacenter monitoring software. The application is exposed to a stack-based buffer overflow issue. This issue occurs due to a boundary error in the HTTP server when handling web requests. NetDecision 4.5.1 is vulnerable; other versions may also be affected.
• Ref: http://www.netmechanica.com/news/?news_id=26 http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vul
  n.txt

• 12.10.2 - CVE: CVE-2011-4189
• Platform: Third Party Windows Apps
• Title: Novell Groupwise Client Address Book Parsing Remote Code Execution
• Description: Novell GroupWise Client allows users to access Novell services from remote computers. Novell GroupWise Client is exposed to a remote code execution issue. Specifically, the issue is triggered when a specially crafted Novell Address Book (*.NAB) file with an overly long email address is processed. Novell GroupWise 8.0x through 8.02HP3 are affected.
• Ref: http://www.novell.com/support/viewContent.do?externalId=7010205 http://www.securityfocus.com/bid/52233/discuss

• 12.10.3 - CVE: CVE-2012-0199
• Platform: Third Party Windows Apps
• Title: IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution
• Description: IBM Tivoli Provisioning Manager Express for Software Distribution is an application for inventory and software distribution management. The application is exposed to a remote code execution issue due to an unsafe call to the "strcat" function. The problem affects the "RunAndUploadFile" method of the "Isig.isigCtl.1" ActiveX control used to create an Asset Information file. IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 is affected.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-12-040/?utm_source=feedburner&am
  p;utm_medium=feed&utm_campaign=Feed%3A+ZDI-Published-Advisories+%28Zero+Day+
  Initiative+Published+Advisories%29&utm_content=F http://www.securityfocus.com/bid/52252/discuss

• 12.10.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: FlashFXP Multiple Buffer Overflow Vulnerabilities
• Description: FlashFXP is an FTP server for use on Microsoft Windows operating systems. FlashFXP is exposed to multiple buffer overflow issues that affect the "TListBox" and "TComboBox" controls. FlashFXP 4.1.8.1701 is vulnerable and other versions may also be affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=462 http://www.securityfocus.com/bid/52259/discuss

• 12.10.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Splash PRO ".avi" File Denial of Service
• Description: Splash PRO is a multimedia player available for Microsoft Windows. Splash PRO is exposed to a denial of service issue. Specifically the application fails to handle specially crafted ".avi" files. Splash PRO 1.12.1 is vulnerable and other versions may also be affected.
• Ref: http://packetstormsecurity.org/files/110414/splashpro-dos.txt http://www.securityfocus.com/bid/52273/discuss

• 12.10.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: TwinCAT Scope Heap Based Buffer Overflow
• Description: TwinCAT Scope is software for monitoring and controlling SCADA automation equipment and process products. The application is exposed to a heap-based buffer overflow issue because it fails to properly validate user supplied input. Specifically, the issue occurs in "TCatScopeView.exe" when processing a specially crafted "SVW" file. TwinCAT Scope 2.9.0.226 is vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/52294/discuss

• 12.10.7 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: XArrow Multiple Remote Denial of Service Vulnerabilities
• Description: XArrow is a SCADA/HMI product. XArrow is exposed to the following remote denial of service issues. 1) A NULL pointer dereference issue. 2) A heap-based memory corruption issue. 3) An invalid read access issue and a memory corruption issue. XArrow 3.2 and prior versions are affected.
• Ref: http://aluigi.org/adv/xarrow_1-adv.txt http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-065-01.pdf

• 12.10.8 - CVE: Not Available
• Platform: Linux
• Title: LightDM Arbitrary File Access
• Description: Light Display Manager (LightDM) is a cross desktop display manager. The application is exposed to an arbitrary file access issue because it leaks several file descriptors to the child process. Light Display Manager (LightDM) 1.0.6-3 is vulnerable. Other versions may also be affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658678 https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060

• 12.10.9 - CVE: Not Available
• Platform: Cross Platform
• Title: Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
• Description: Ruby on Rails is a web application framework for multiple platforms. The application is exposed to multiple cross-site scripting issues. The issues exist because the application fails to validate user supplied data submitted to the "SafeBuffer" objects and "Select" tag options. Ruby on Rails versions prior to 3.2.2, 3.1.4, and 3.0.12 are affected.
• Ref: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1
  e3d04e913 https://bugzilla.redhat.com/show_bug.cgi?id=799275 https://bugs.gentoo.org/show_bug.cgi?id=406547

• 12.10.10 - CVE: Not Available
• Platform: Cross Platform
• Title: Parallels Plesk Panel Unspecified Remote Security Vulnerability
• Description: Parallels Plesk Panel is a website creation and management application. Parallels Plesk Panel is exposed to an unspecified remote security issue that allows attackers to gain unauthorized administrative access to the application. Parallels Plesk Panel versions 7.6.1 through 10.3.1 are affected.
• Ref: http://kb.parallels.com/en/113321 http://www.securityfocus.com/bid/52267/discuss

• 12.10.11 - CVE:CVE-2011-3044,CVE-2011-3043,CVE-2011-3042,CVE-2011-3041,CVE-2011-3040,CVE-2011-3039,CVE-2011-3038,CVE-2011-3037,CVE-2011-3036,CVE-2011-3035,CVE-2011-3034,CVE-2011-3033,CVE-2011-3032,CVE-2011-303117.0.963.65 are affected.
• Platform: Cross Platform
• Title: Google Chrome Multiple Security Vulnerabilities
• Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to the multiple security issues. See reference for further details. Google Chrome versions prior to
• Ref: http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html http://www.securityfocus.com/bid/52271/discuss

• 12.10.12 - CVE: Not Available
• Platform: Cross Platform
• Title: Novell ZENworks Configuration Management Unspecified Vulnerability
• Description: Novell ZENworks Configuration Management is an IT management application. Novell ZENworks Configuration Management is exposed to an unspecified issue in the "HTTP TRACE" method. Novell ZENworks Configuration Management 10.3 SP3 is vulnerable and other versions may also be affected.
• Ref: http://www.novell.com/support/viewContent.do?externalId=7010137 http://www.securityfocus.com/bid/52291/discuss

• 12.10.13 - CVE: CVE-2012-0769,CVE-2012-0768
• Platform: Cross Platform
• Title: Adobe Flash Player Multiple Vulnerabilities
• Description: Adobe Flash Player is a multimedia application for multiple platforms. Adobe Flash Player is exposed to a memory corruption issue and an information disclosure issue. Adobe Flash Player11.1.102.62 and earlier versions are affected.
• Ref: https://www.adobe.com/support/security/bulletins/apsb12-05.html

• 12.10.14 - CVE: CVE-2012-0397
• Platform: Cross Platform
• Title: RSA SecurID Software Token Converter Buffer Overflow
• Description: RSA SecurID Software Token Converter is a command line utility that converts a software token file (SDTID file) from XML format to a Compressed Token Format. RSA SecurID Software Token Converter is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user supplied data. All versions of RSA SecurID Software Token Converter are affected.
• Ref: http://www.securityfocus.com/archive/1/521885

• 12.10.15 - CVE:CVE-2012-1144,CVE-2012-1143,CVE-2012-1142,CVE-2012-1141,CVE-2012-1140,CVE-2012-1139,CVE-2012-1138,CVE-2012-1137,CVE-2012-1136,CVE-2012-1135,CVE-2012-1134,CVE-2012-1133,CVE-2012-1132,CVE-2012-1131,CVE-2012-1130,CVE-2012-1129,CVE-2012-1128,CVE-2012-1127
• Platform: Cross Platform
• Title: FreeType Multiple Remote Vulnerabilities
• Description: FreeType is an open source font handling library. FreeType is exposed to multiple security issues. See reference for further details. FreeType versions prior to 2.4.9 are affected.
• Ref: http://www.securityfocus.com/bid/52318/references

• 12.10.16 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: ZB BLOCK Multiple Cross-Site Scripting Vulnerabilities
• Description: ZB BLOCK is a web-based application implemented in PHP. The application is exposed to multiple cross-site scripting issues. These issues occurs because the application allows attackers to perform certain actions without validating the request. Specifically, attackers can supply data through the "HTTP_REFERER" and "HTTP_USER_AGENT" header of the "zbblock/hackme.php" script. ZB BLOCK 0.4.9 Final is vulnerable and other versions may be affected.
• Ref: http://www.securityfocus.com/bid/52305/discuss

• 12.10.17 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: OpenX "sessionID" SQL Injection
• Description: OpenX is a web-based ad server implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user supplied data submitted to the "sessionID" cookie parameter in the administrative interface before using it in an SQL query. OpenX 2.8.1 through 2.8.7 are affected.
• Ref: http://blog.openx.org/12/security-matters-3/ http://www.securityfocus.com/bid/52308/discuss

• 12.10.18 - CVE: Not Available
• Platform: Web Application
• Title: LDAP Account Manager Pro Cross Site Scripting and HTML Injection Vulnerabilities
• Description: LDAP Account Manager Pro is a web frontend for managing accounts stored in an LDAP directory. The application is exposed to the following vulnerabilities because it fails to properly sanitize user supplied input. 1) An HTML injection issue affects certain input submitted to the application. 2) A cross site scripting issue affects the "attr" parameter of the "templates/3rdParty/pla/htdocs/cmd.php" script. LDAP Account Manager Pro 3.6 is vulnerable and other versions may also be affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=458 http://www.securityfocus.com/bid/52255/discuss

• 12.10.19 - CVE: Not Available
• Platform: Web Application
• Title: CMS Builder Multiple HTML Injection Vulnerabilities
• Description: CMS Builder is a web-based content manager. The application is exposed to multiple HTML injection issue because it fails to sufficiently sanitize user supplied input submitted to the "TITLE" and "BODY" field of the unspecified scripts. CMS Builder 2.14 is vulnerable; other versions may also be affected.
• Ref: http://secunia.com/advisories/48227 http://packetstormsecurity.org/files/110368/CMS-Builder-2.14-Cross-Site-Scriptin
  g.html http://www.securityfocus.com/bid/52261/discuss

• 12.10.20 - CVE: Not Available
• Platform: Web Application
• Title: Open Realty "select_users_template" Parameter Local File Include
• Description: Open Realty is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user supplied input to the "select_users_template" parameter of "index.php" script. Open Realty version 2.5.8 is vulnerable; other versions may also be affected.
• Ref: http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi http://www.securityfocus.com/bid/52296/discuss

• 12.10.21 - CVE: Not Available
• Platform: Web Application
• Title: Symfony2 XML Parsing Local File Disclosure
• Description: Symfony2 is a framework for building web-based applications. Symfony2 is exposed to a local file disclosure issue that affects the "XMLEncoder" component when parsing XML. Symfony2 2.0.10 and prior versions are affected.
• Ref: http://www.securityfocus.com/bid/52302/discuss http://www.senseofsecurity.com.au/advisories/SOS-12-002.pdf

• 12.10.22 - CVE: Not Available
• Platform: Web Application
• Title: MantisBT Multiple Security Bypass Vulnerabilities
• Description: MantisBT is a web-based bug management application. MantisBT is exposed to multiple security bypass issues. See reference for further details. MantisBT versions prior to 1.2.9 are affected.
• Ref: http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 http://www.securityfocus.com/bid/52313/discuss

• 12.10.23 - CVE: CVE-2012-0371
• Platform: Network Device
• Title: Cisco Wireless LAN Controller Multiple Vulnerabilities
• Description: Cisco Wireless LAN Controller is used to control various wireless LAN functions. Cisco Wireless LAN Controller is exposed to multiple security issues. See reference for further details. Cisco 2000 Series WLC, Cisco 2100 Series WLC, Cisco 2500 Series WLC, Cisco 4100 Series WLC, Cisco 4400 Series WLC, Cisco 5500 Series WLC, Cisco 500 Series Wireless Express Mobility Controllers, Cisco Wireless Services Modules (WiSM), Cisco Wireless Services Modules version 2 (WiSM version 2), Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs), Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs), Cisco Catalyst 3750G Integrated WLCs and Cisco Flex 7500 Series Cloud Controllers are affected.
• Ref: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20
  120229-wlc

• 12.10.24 - CVE: CVE-2012-0331,CVE-2012-0330
• Platform: Hardware
• Title: Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities
• Description: Cisco TelePresence Video Communication Server is a telepresence management system using policy services integration and dial plan configuration. The server is exposed to multiple denial of service issues when handling specially crafted Session Initiation Protocol (SIP) packets through ports 5060 or 5061. Cisco TelePresence Video Communication Server versions prior to X7.0.1 are affected.
• Ref: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20
  120229-vcs http://www.securityfocus.com/bid/52214/discuss

(c) 2012. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account