@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) MEDIUM: Mozilla Firefox Multiple Security Vulnerabilities
• (2) MEDIUM: Symantec PCAnywhere Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 12.5.1 - Trend Micro DataArmor and DriveArmor Pre-boot Local Privilege Escalation
• 12.5.2 - RSA enVision Environmental Variable Information Disclosure
• 12.5.3 - PDF-XChange pdfSaver ActiveX Multiple Buffer Overflow Vulnerabilities

Linux

• 12.5.4 - Debian Openssh Server Forced Command Handling Information Disclosure
• 12.5.5 - Wicd "wicd/configmanager.py" Local Information Disclosure

Cross Platform

• 12.5.6 - EMC NetWorker Unspecified Buffer Overflow
• 12.5.7 - Limit My Call Remote Unauthorized Access
• 12.5.8 - Wireshark Buffer Underflow and Denial of Service Vulnerabilities
• 12.5.9 - Samba Memory Leak Local Denial Of Service
• 2012-0809 - Todd Miller Sudo "Sudo_Debug()" Path Resolution Local Privilege Escalation
• 12.5.11 - FFmpeg Multiple Remote Vulnerabilities
• 12.5.12 - HP Network Automation Remote Unauthorized Access
• 12.5.13 - RESTEasy JaxB XML Entity References Information Disclosure
• 12.5.14 - Mozilla Firefox/SeaMonkey/Thunderbird Multiple Vulnerabilities

Web Application - Cross Site Scripting

• 12.5.15 - Mibew Messenger Multiple Cross-Site Scripting Vulnerabilities
• 12.5.16 - Hitachi JP1/IT Desktop Management Manager Unspecified Cross-Site Scripting

Web Application - SQL Injection

• 12.5.17 - Campaign Enterprise "SID" Parameter SQL Injection

Web Application

• 12.5.18 - Apache HTTP Server mod_log_config Denial Of Service
• 12.5.19 - PEEL SHOPPING SQL Injection and Cross-Site Scripting Vulnerabilities
• 12.5.20 - OSClass Multiple Remote Vulnerabilities
• 12.5.21 - FishEye and Crucible Webwork 2 Framework Remote Code Injection
• 12.5.22 - HostBill PHP Code Injection

Network Device

• 12.5.23 - D-Link DIR-601 TFTP Server Directory Traversal

Hardware

• 12.5.24 - Syneto Unified Threat Management Cross-Site Request Forgery
• 12.5.25 - Fortigate UTM WAF Appliance Cross-Site Scripting and HTML Injection Vulnerabilities

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

*************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2012

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 13127 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 12.5.1 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Trend Micro DataArmor and DriveArmor Pre-boot Local Privilege Escalation
• Description: DataArmor and DriveArmor are data encryption products. DataArmor and DriveArmor are exposed to an unspecified local privilege escalation issue that occurs in the pre-boot environment. Trend Micro DriveArmor versions 3.0.0.x prior to 3.0.0.439 and Trend Micro DataArmor versions 3.0.1x prior to 3.0.12.861 are affected.
• Ref: http://esupport.trendmicro.com/solution/en-us/1060043.aspx

• 12.5.2 - CVE: CVE-2011-4143
• Platform: Third Party Windows Apps
• Title: RSA enVision Environmental Variable Information Disclosure
• Description: RSA enVision is a system for collecting and analyzing log data. The application is exposed to an information disclosure issue because it fails to properly handle an environment variable. RSA enVision versions 4.x are vulnerable.
• Ref: http://www.securityfocus.com/archive/1/521375 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4143

• 12.5.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: PDF-XChange pdfSaver ActiveX Multiple Buffer Overflow Vulnerabilities
• Description: PDF-XChange is an application for converting documents to PDF files. The application is exposed to multiple stack-based buffer overflow issues that affect the PDF-Saver Technology. Specifically, this issue affects the "pdfxctrl.dll" PDF Printer Preferences ActiveX control. The issue occurs because the application fails to sanitize user-supplied input submitted to the "sub_path" item of the "StoreInRegistry" function and the "sub_key" item of the "InitFromRegistry" function. PDF-XChange pdfSaver ActiveX 3.60.0128 is vulnerable and other versions may also be affected.
• Ref: http://xforce.iss.net/xforce/xfdb/72774 http://www.securityfocus.com/bid/51712/discuss

• 12.5.4 - CVE: CVE-2012-0814
• Platform: Linux
• Title: Debian Openssh Server Forced Command Handling Information Disclosure
• Description: Debian openssh server is software that provides encrypted communications through the SSH protocol. The package is exposed to an information disclosure issue. Specifically, the issue occurs because the sever sends the information about configured forced commands to the client when the verbose switch is used. This can help an attacker to disclose usernames for tools such as gitolite that are dependent upon forced commands. Debian openssh-server 1:5.5p1-6+squeeze1 is affected and other versions may also be vulnerable.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 http://www.securityfocus.com/bid/51702/references

• 12.5.5 - CVE: CVE-2012-0813
• Platform: Linux
• Title: Wicd "wicd/configmanager.py" Local Information Disclosure
• Description: Wicd (Wireless Interface Connection Daemon) is a tool used for establishing wired and wireless network connections for Linux. The application is exposed to a local information disclosure issue. Specifically, this issue occurs because the Wicd daemon writes sensitive information such as passwords and passphrases in the log files. Wicd 1.7.1~b3-3 is vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/51703/references

• 12.5.6 - CVE: CVE-2012-0395
• Platform: Cross Platform
• Title: EMC NetWorker Unspecified Buffer Overflow
• Description: EMC NetWorker is a centralized data protection system available for multiple operating systems. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue only affects EMC NetWorker Server hosts. EMC NetWorker Server 7.5.x and 7.6.x are affected.
• Ref: http://www.securityfocus.com/archive/1/521374

• 12.5.7 - CVE: CVE-2011-4703
• Platform: Cross Platform
• Title: Limit My Call Remote Unauthorized Access
• Description: Limit My Call is an application for limiting the duration of outgoing calls for mobile devices using the Android operating system. The application is exposed to a remote unauthorized access issue. Limit My Call 2.11 is vulnerable and other versions may also be affected.
• Ref: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4703 http://www.securityfocus.com/bid/51693/references

• 12.5.8 - CVE: CVE-2012-0068,CVE-2012-0067,CVE-2012-0066
• Platform: Cross Platform
• Title: Wireshark Buffer Underflow and Denial of Service Vulnerabilities
• Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to multiple issues. A denial of service issue exists because the application fails to properly check record sizes for "5Views", "i4b" and "netmon" packet capture file formats. A denial of service issue exists because of an integer overflow error when handling the IPTrace capture file format. A buffer underflow issue exists because of an error in the LANalyzer dissector. Specifically, the application fails to properly handle specially crafted LANalyzer packet capture files. Wireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable.
• Ref: http://www.wireshark.org/security/wnpa-sec-2012-01.html http://www.securityfocus.com/bid/51710/references

• 12.5.9 - CVE: CVE-2012-0817
• Platform: Cross Platform
• Title: Samba Memory Leak Local Denial Of Service
• Description: Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. The application is exposed to a local denial of service issue. Specifically, this issue occurs in "smbd" daemon due to a memory leak error while handling connection requests. Samba versions 3.6.0 through 3.6.2 are affected.
• Ref: http://www.samba.org/samba/security/CVE-2012-0817

• 2012-0809 - CVE: CVE
• Platform: Cross Platform
• Title: Todd Miller Sudo "Sudo_Debug()" Path Resolution Local Privilege Escalation
• Description: Todd Miller "sudo" is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue due to a format string error that affects the "sudo_debug()" function of the "sudo.c" source file. This issue affects "sudo" 1.8.0 up to and including 1.8.3p1.
• Ref: http://www.sudo.ws/sudo/alerts/sudo_debug.html

• 12.5.11 - CVE:CVE-2011-3952,CVE-2011-3951,CVE-2011-3950,CVE-2011-3949,CVE-2011-3947,CVE-2011-3946,CVE-2011-3945,CVE-2011-3944,CVE-2011-3941,CVE-2011-3940,CVE-2011-3937,CVE-2011-3936,CVE-2011-3935,CVE-2011-3934,CVE-2011-3929
• Platform: Cross Platform
• Title: FFmpeg Multiple Remote Vulnerabilities
• Description: FFmpeg is a multimedia player. The application is exposed to multiple remote issues, see reference for detailed information. FFmpeg versions prior to 0.10 are vulnerable.
• Ref: http://ffmpeg.org/security.html

• 12.5.12 - CVE: CVE-2011-4790
• Platform: Cross Platform
• Title: HP Network Automation Remote Unauthorized Access
• Description: HP Network Automation is an application for managing network data. The application is exposed to an unauthorized access issue. HP Network Automation 7.2, 7.5, 7.6, 9.0 and 9.10 are vulnerable.
• Ref: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0
  3171149&ac.admitted=1328063432282.876444892.199480143

• 12.5.13 - CVE: CVE-2012-0818
• Platform: Cross Platform
• Title: RESTEasy JaxB XML Entity References Information Disclosure
• Description: RESTEasy is a JBoss module that provides frameworks to build RESTful Web Services and RESTful Java applications. The application is exposed to an information disclosure issue when processing JaxB XML data. This issue can be exploited by sending specially crafted JaxB XML data, including external entity references. RESTEasy version 2.3.1 is affected.
• Ref: https://issues.jboss.org/browse/RESTEASY-637 http://www.securityfocus.com/bid/51766/references

• 12.5.14 - CVE:CVE-2012-0445,CVE-2012-0447,CVE-2011-3659,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0449,CVE-2012-0446
• Platform: Cross Platform
• Title: Mozilla Firefox/SeaMonkey/Thunderbird Multiple Vulnerabilities
• Description: Mozilla Firefox, SeaMonkey and Thunderbird are exposed to multiple security issues. See references for detailed information. Firefox versions 3.6.x prior to 3.6.26 and other versions prior to 10.0, Thunderbird versions 3.1.x prior to 3.1.18 and other versions prior to 10.0, SeaMonkey 2.7 are affected.
• Ref: http://www.mozilla.org/security/announce/2012/mfsa2012-06.html http://www.mozilla.org/security/announce/2012/mfsa2012-04.html http://www.mozilla.org/security/announce/2012/mfsa2012-01.html http://www.mozilla.org/security/announce/2012/mfsa2012-07.html http://www.mozilla.org/security/announce/2012/mfsa2012-08.html http://www.mozilla.org/security/announce/2012/mfsa2012-05.html http://www.mozilla.org/security/announce/2012/mfsa2012-03.html

• 12.5.15 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Mibew Messenger Multiple Cross-Site Scripting Vulnerabilities
• Description: Mibew Messenger is a web messenger implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input submitted to the following scripts and parameters: "/operator/ban.php" : "address", "threadid", "/operator/settings.php" : "geolinkparams", "/operator/settings.php" : "title", "chattitle". Mibew Messenger 1.6.4 is vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/51723/references http://www.codseq.it/advisories/mibew_messenger_multiple_xss http://secunia.com/advisories/47787

• 12.5.16 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Hitachi JP1/IT Desktop Management Manager Unspecified Cross-Site Scripting
• Description: Hitachi JP1/IT Desktop Management is used to centrally manage all the IT assets. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Hitachi JP1/IT Desktop Management Manager 09-50 is vulnerable.
• Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-004/inde
  x.html

• 12.5.17 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Campaign Enterprise "SID" Parameter SQL Injection
• Description: Campaign Enterprise is an email marketing application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input submitted to the "SID" parameter of the "/Command" script before using it in an SQL query. Campaign Enterprise 11.0.421 is vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/51724/discuss http://packetstormsecurity.org/files/109243/campaignenterprise-sql.txt

• 12.5.18 - CVE: CVE-2012-0021
• Platform: Web Application
• Title: Apache HTTP Server mod_log_config Denial Of Service
• Description: Apache HTTP Server is exposed to a denial of service issue that affects the "mod_log_config" module. Specifically, if a "%{cookiename}C" log format string is used, a remote attacker could crash the application by sending a specially crafted cookie. Apache HTTP Server versions 2.2.17, 2.2.18, 2.219, 2.2.20 and 2.2.21 are affected.
• Ref: http://httpd.apache.org/security/vulnerabilities_22.html

• 12.5.19 - CVE: Not Available
• Platform: Web Application
• Title: PEEL SHOPPING SQL Injection and Cross-Site Scripting Vulnerabilities
• Description: PEEL SHOPPING is a web-based e-commerce application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Multiple cross-site scripting issues affect the following scripts and parameters: "index.php/achat/recherche.php" : "motclef", "index.php" : "PHP_SELF". An SQL injection issue affects the "id" parameter of the "administrer/tva.php" script. PEEL SHOPPING versions 2.8 and 2.9 are affected and other versions may also be vulnerable.
• Ref: http://www.securityfocus.com/bid/51700/discuss http://packetstormsecurity.org/files/109130/peelshopping-sqlxss.txt

• 12.5.20 - CVE: Not Available
• Platform: Web Application
• Title: OSClass Multiple Remote Vulnerabilities
• Description: OSClass is a PHP-based web application. The application is exposed to multiple remote issues because it fails to sufficiently sanitize user-supplied input. Multiple SQL injection issues affect the "id" parameter of the "index.php" script, when performing the "edit_category_post" and "enable_category" actions. A remote file include issue affects the "file" parameter of the "index.php" script in the "osc_downloadFile()" function. A cross-site scripting issue affects the "id" parameter of the "index.php" script. OSClass 2.3.4 is vulnerable and other versions may also be affected.
• Ref: http://osclass.org/2012/01/16/osclass-2-3-5/ http://www.securityfocus.com/bid/51721/references

• 12.5.21 - CVE: Not Available
• Platform: Web Application
• Title: FishEye and Crucible Webwork 2 Framework Remote Code Injection
• Description: FishEye is a web-based bug tracking application. Crucible is a web-based application used for code review. The applications are exposed to an arbitrary code injection issue because the Webwork 2 framework fails to properly sanitize certain unspecified user-supplied input. FishEye versions prior to 2.7.9 or 2.6.7, Crucible versions prior to 2.7.9 or 2.6.7 are affected.
• Ref: http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Ad
  visory+2012-01-31 http://www.securityfocus.com/bid/51762/references

• 12.5.22 - CVE: Not Available
• Platform: Web Application
• Title: HostBill PHP Code Injection
• Description: HostBill is billing software for online businesses. The application is exposed to an issue that lets attackers inject arbitrary PHP code. The issue is caused by an error when processing the subject field of submitted tickets. HostBill versions prior to 3.1.2 are vulnerable.
• Ref: http://hostbillapp.com/changelog/ http://www.securityfocus.com/bid/51763/references

• 12.5.23 - CVE: CVE-2011-4821
• Platform: Network Device
• Title: D-Link DIR-601 TFTP Server Directory Traversal
• Description: D-Link DIR-601 is a wireless router. The router is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input in TFTP requests. D-Link DIR-601 1.02NA is vulnerable and other versions may be affected.
• Ref: http://www.securityfocus.com/archive/1/521369 http://xforce.iss.net/xforce/xfdb/72696 http://www.securityfocus.com/bid/51659

• 12.5.24 - CVE: Not Available
• Platform: Hardware
• Title: Syneto Unified Threat Management Cross-Site Request Forgery
• Description: Syneto Unified Threat Management is a security appliance. The appliance is exposed to a cross-site request forgery issue because the application does not properly validate HTTP requests. Syneto Unified Threat Management 1.3.3 CE and 1.4.2 are vulnerable and other versions may also be affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=373 http://www.securityfocus.com/bid/51707/references

• 12.5.25 - CVE: Not Available
• Platform: Hardware
• Title: Fortigate UTM WAF Appliance Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: Fortigate UTM WAF Appliance is a security appliance. The appliance is exposed to multiple cross-site scripting and HTML injection issues because it fails to properly sanitize user-supplied input to the UTM WAF Web Application Interface. Fortinet FortiGate 800, 620B, 5000, 3950, 3810A, 3600A, 311B, 310B, 3016B, 300A, 224B, 200B and 1240B are affected.
• Ref: http://vulnerability-lab.com/get_content.php?id=144 http://www.securityfocus.com/bid/51708/info

(c) 2012. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account