
@RISK: The Consensus Security Vulnerability Alert

Volume: XI, Issue: 5
February 3, 2012

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Third Party Windows Apps                  3
    Linux                                     2
    Cross Platform                            9 (#1,#2)
    Web Application - Cross Site Scripting    2
    Web Application - SQL Injection           1
    Web Application                           5
    Network Device                            1
    Hardware                                  2

************************************************************************
TRAINING UPDATE

--SANS Monterey 2012, Monterey, CA January 30-February 4, 2012
  6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo.
  http://www.sans.org/monterey-2012/

--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012
  6 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker.
  http://www.sans.org/phoenix-2012/

--SANS Secure Singapore 2012, Singapore, Singapore March 5-17, 2012
  5 courses. Bonus evening presentations include Introduction to Windows Memory Analysis; and Why Our Defenses are Failing Us: One Click is All It Takes ...
  http://www.sans.org/singapore-2012/

--SANS Mobile Device Security Summit: The Growing and Constantly Changing Challenge, Nashville, TN
  Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012
  Mobile device security experts and practitioners from organizations that have implemented successful programs will discuss the most promising approaches to this new and evolving challenge.
  http://www.sans.org/mobile-device-security-summit-2012/

--SANS 2012, Orlando, FL March 23-29, 2012
  40 courses. Bonus evening presentations include Exploiting Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.
  http://www.sans.org/sans-2012/

--SANS Northern Virginia 2012, Reston, VA April 15-20, 2012
  7 courses. Bonus evening presentations include Linux Forensics for Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack
  http://www.sans.org/northern-virginia-2012/

--SANS Cyber Guardian 2012, Baltimore, MD April 30-May 7, 2012
  11 courses. Bonus evening presentations include Ninja Assessments: Stealth Security testing for Organizations; and Adjusting Our Defenses for 2012.
  http://www.sans.org/cyber-guardian-2012/

--Looking for training in your own community?
  http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Bangalore, San Francisco, Stuttgart, Nashville, and Abu Dhabi all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

************************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Linux
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device
    Hardware

    **************************** Sponsored Link: ***************************

    1) SANS Analyst webcast! Password Sharing: Root of All Evil
       Join senior SANS Analyst, J. Michael Butler and learn how to protect shared passwords in mixed server environments
       http://www.sans.org/info/98451

    ************************************************************************

    PART I -- Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    *************************************************************

    Widely Deployed Software
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 5, 2012

    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 13127 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
    ______________________________________________________________________


    • 12.5.1 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Trend Micro DataArmor and DriveArmor Pre-boot Local Privilege Escalation
    • Description: DataArmor and DriveArmor are data encryption products. DataArmor and DriveArmor are exposed to an unspecified local privilege escalation issue that occurs in the pre-boot environment. Trend Micro DriveArmor versions 3.0.0.x prior to 3.0.0.439 and Trend Micro DataArmor versions 3.0.1x prior to 3.0.12.861 are affected.
    • Ref: http://esupport.trendmicro.com/solution/en-us/1060043.aspx


    • 12.5.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: PDF-XChange pdfSaver ActiveX Multiple Buffer Overflow Vulnerabilities
    • Description: PDF-XChange is an application for converting documents to PDF files. The application is exposed to multiple stack-based buffer overflow issues that affect the PDF-Saver Technology. Specifically, this issue affects the "pdfxctrl.dll" PDF Printer Preferences ActiveX control. The issue occurs because the application fails to sanitize user-supplied input submitted to the "sub_path" item of the "StoreInRegistry" function and the "sub_key" item of the "InitFromRegistry" function. PDF-XChange pdfSaver ActiveX 3.60.0128 is vulnerable and other versions may also be affected.
    • Ref: http://xforce.iss.net/xforce/xfdb/72774 http://www.securityfocus.com/bid/51712/discuss

    • 12.5.4 - CVE: CVE-2012-0814
    • Platform: Linux
    • Title: Debian Openssh Server Forced Command Handling Information Disclosure
    • Description: Debian openssh server is software that provides encrypted communications through the SSH protocol. The package is exposed to an information disclosure issue. Specifically, the issue occurs because the server sends the information about configured forced commands to the client when the verbose switch is used. This can help an attacker to disclose usernames for tools such as gitolite that are dependent upon forced commands. Debian openssh-server 1:5.5p1-6+squeeze1 is affected and other versions may also be vulnerable.
    • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 http://www.securityfocus.com/bid/51702/references

    • 12.5.5 - CVE: CVE-2012-0813
    • Platform: Linux
    • Title: Wicd "wicd/configmanager.py" Local Information Disclosure
    • Description: Wicd (Wireless Interface Connection Daemon) is a tool used for establishing wired and wireless network connections for Linux. The application is exposed to a local information disclosure issue. Specifically, this issue occurs because the Wicd daemon writes sensitive information such as passwords and passphrases in the log files. Wicd 1.7.1~b3-3 is vulnerable and other versions may also be affected.
    • Ref: http://www.securityfocus.com/bid/51703/references

    • 12.5.6 - CVE: CVE-2012-0395
    • Platform: Cross Platform
    • Title: EMC NetWorker Unspecified Buffer Overflow
    • Description: EMC NetWorker is a centralized data protection system available for multiple operating systems. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue only affects EMC NetWorker Server hosts. EMC NetWorker Server 7.5.x and 7.6.x are affected.
    • Ref: http://www.securityfocus.com/archive/1/521374


    • 12.5.8 - CVE: CVE-2012-0068,CVE-2012-0067,CVE-2012-0066
    • Platform: Cross Platform
    • Title: Wireshark Buffer Underflow and Denial of Service Vulnerabilities
    • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to multiple issues. A denial of service issue exists because the application fails to properly check record sizes for "5Views", "i4b" and "netmon" packet capture file formats. A denial of service issue exists because of an integer overflow error when handling the IPTrace capture file format. A buffer underflow issue exists because of an error in the LANalyzer dissector. Specifically, the application fails to properly handle specially crafted LANalyzer packet capture files. Wireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable.
    • Ref: http://www.wireshark.org/security/wnpa-sec-2012-01.html http://www.securityfocus.com/bid/51710/references

    • 12.5.9 - CVE: CVE-2012-0817
    • Platform: Cross Platform
    • Title: Samba Memory Leak Local Denial Of Service
    • Description: Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. The application is exposed to a local denial of service issue. Specifically, this issue occurs in "smbd" daemon due to a memory leak error while handling connection requests. Samba versions 3.6.0 through 3.6.2 are affected.
    • Ref: http://www.samba.org/samba/security/CVE-2012-0817

    • 12.5.10 - CVE: CVE-2012-0809
    • Platform: Cross Platform
    • Title: Todd Miller Sudo "Sudo_Debug()" Path Resolution Local Privilege Escalation
    • Description: Todd Miller "sudo" is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue due to a format string error that affects the "sudo_debug()" function of the "sudo.c" source file. This issue affects "sudo" 1.8.0 up to and including 1.8.3p1.
    • Ref: http://www.sudo.ws/sudo/alerts/sudo_debug.html

    • 12.5.11 - CVE: CVE-2011-3952,CVE-2011-3951,CVE-2011-3950,CVE-2011-3949,CVE-2011-3947,CVE-2011-3946,CVE-2011-3945,CVE-2011-3944,CVE-2011-3941,CVE-2011-3940,CVE-2011-3937,CVE-2011-3936,CVE-2011-3935,CVE-2011-3934,CVE-2011-3929
    • Platform: Cross Platform
    • Title: FFmpeg Multiple Remote Vulnerabilities
    • Description: FFmpeg is a multimedia player. The application is exposed to multiple remote issues, see reference for detailed information. FFmpeg versions prior to 0.10 are vulnerable.
    • Ref: http://ffmpeg.org/security.html


    • 12.5.13 - CVE: CVE-2012-0818
    • Platform: Cross Platform
    • Title: RESTEasy JaxB XML Entity References Information Disclosure
    • Description: RESTEasy is a JBoss module that provides frameworks to build RESTful Web Services and RESTful Java applications. The application is exposed to an information disclosure issue when processing JaxB XML data. This issue can be exploited by sending specially crafted JaxB XML data, including external entity references. RESTEasy version 2.3.1 is affected.
    • Ref: https://issues.jboss.org/browse/RESTEASY-637 http://www.securityfocus.com/bid/51766/references


    • 12.5.15 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Mibew Messenger Multiple Cross-Site Scripting Vulnerabilities
    • Description: Mibew Messenger is a web messenger implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input submitted to the following scripts and parameters: "/operator/ban.php" : "address", "threadid", "/operator/settings.php" : "geolinkparams", "/operator/settings.php" : "title", "chattitle". Mibew Messenger 1.6.4 is vulnerable and other versions may also be affected.
    • Ref: http://www.securityfocus.com/bid/51723/references http://www.codseq.it/advisories/mibew_messenger_multiple_xss http://secunia.com/advisories/47787

    • 12.5.16 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Hitachi JP1/IT Desktop Management Manager Unspecified Cross-Site Scripting
    • Description: Hitachi JP1/IT Desktop Management is used to centrally manage all the IT assets. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Hitachi JP1/IT Desktop Management Manager 09-50 is vulnerable.
    • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-004/index.html

    • 12.5.17 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Campaign Enterprise "SID" Parameter SQL Injection
    • Description: Campaign Enterprise is an email marketing application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input submitted to the "SID" parameter of the "/Command" script before using it in an SQL query. Campaign Enterprise 11.0.421 is vulnerable and other versions may also be affected.
    • Ref: http://www.securityfocus.com/bid/51724/discuss http://packetstormsecurity.org/files/109243/campaignenterprise-sql.txt

    • 12.5.18 - CVE: CVE-2012-0021
    • Platform: Web Application
    • Title: Apache HTTP Server mod_log_config Denial Of Service
    • Description: Apache HTTP Server is exposed to a denial of service issue that affects the "mod_log_config" module. Specifically, if a "%{cookiename}C" log format string is used, a remote attacker could crash the application by sending a specially crafted cookie. Apache HTTP Server versions 2.2.17, 2.2.18, 2.2.19, 2.2.20 and 2.2.21 are affected.
    • Ref: http://httpd.apache.org/security/vulnerabilities_22.html

    • 12.5.19 - CVE: Not Available
    • Platform: Web Application
    • Title: PEEL SHOPPING SQL Injection and Cross-Site Scripting Vulnerabilities
    • Description: PEEL SHOPPING is a web-based e-commerce application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Multiple cross-site scripting issues affect the following scripts and parameters: "index.php/achat/recherche.php" : "motclef", "index.php" : "PHP_SELF". An SQL injection issue affects the "id" parameter of the "administrer/tva.php" script. PEEL SHOPPING versions 2.8 and 2.9 are affected and other versions may also be vulnerable.
    • Ref: http://www.securityfocus.com/bid/51700/discuss http://packetstormsecurity.org/files/109130/peelshopping-sqlxss.txt

    • 12.5.20 - CVE: Not Available
    • Platform: Web Application
    • Title: OSClass Multiple Remote Vulnerabilities
    • Description: OSClass is a PHP-based web application. The application is exposed to multiple remote issues because it fails to sufficiently sanitize user-supplied input. Multiple SQL injection issues affect the "id" parameter of the "index.php" script, when performing the "edit_category_post" and "enable_category" actions. A remote file include issue affects the "file" parameter of the "index.php" script in the "osc_downloadFile()" function. A cross-site scripting issue affects the "id" parameter of the "index.php" script. OSClass 2.3.4 is vulnerable and other versions may also be affected.
    • Ref: http://osclass.org/2012/01/16/osclass-2-3-5/ http://www.securityfocus.com/bid/51721/references


    • 12.5.22 - CVE: Not Available
    • Platform: Web Application
    • Title: HostBill PHP Code Injection
    • Description: HostBill is billing software for online businesses. The application is exposed to an issue that lets attackers inject arbitrary PHP code. The issue is caused by an error when processing the subject field of submitted tickets. HostBill versions prior to 3.1.2 are vulnerable.
    • Ref: http://hostbillapp.com/changelog/ http://www.securityfocus.com/bid/51763/references


    • 12.5.24 - CVE: Not Available
    • Platform: Hardware
    • Title: Syneto Unified Threat Management Cross-Site Request Forgery
    • Description: Syneto Unified Threat Management is a security appliance. The appliance is exposed to a cross-site request forgery issue because the application does not properly validate HTTP requests. Syneto Unified Threat Management 1.3.3 CE and 1.4.2 are vulnerable and other versions may also be affected.
    • Ref: http://www.vulnerability-lab.com/get_content.php?id=373 http://www.securityfocus.com/bid/51707/references

    • 12.5.25 - CVE: Not Available
    • Platform: Hardware
    • Title: Fortigate UTM WAF Appliance Cross-Site Scripting and HTML Injection Vulnerabilities
    • Description: Fortigate UTM WAF Appliance is a security appliance. The appliance is exposed to multiple cross-site scripting and HTML injection issues because it fails to properly sanitize user-supplied input to the UTM WAF Web Application Interface. Fortinet FortiGate 800, 620B, 5000, 3950, 3810A, 3600A, 311B, 310B, 3016B, 300A, 224B, 200B and 1240B are affected.
    • Ref: http://vulnerability-lab.com/get_content.php?id=144 http://www.securityfocus.com/bid/51708/info

    (c) 2012. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account