@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) HIGH: Oracle Java Multiple Security Vulnerabilities
• (2) HIGH: Mozilla Firefox png_decompress_chunk Integer Overflow
• (3) HIGH: Adobe Flash Player Multiple Security Vulnerabilities
• (4) MEDIUM: Google Chrome Multiple Security Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 12.8.1 - R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities
• 12.8.2 - 7T AQUIS DLL Loading Arbitrary Code Execution
• 12.8.3 - VOXTRONIC Voxlog Professional Multiple Security Vulnerabilities
• 12.8.4 - ELBA Multiple Security Vulnerabilities
• 12.8.5 - Jeskola Buzz Memory Corruption and Multiple Buffer Overflow Vulnerabilities
• 12.8.6 - Psycle Multiple Buffer Overflow Vulnerabilities

Linux

• 12.8.7 - Endian Firewall Multiple Cross-Site Scripting Vulnerabilities

Cross Platform

• 12.8.8 - Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
• 12.8.9 - Adobe Flash Player Multiple Vulnerabilities
• 12.8.10 - Jenkins Multiple HTML Injection Vulnerabilities
• 12.8.11 - Novell GroupWise Messenger Stack-Based Buffer Overflow and Heap Memory Corruption
• 12.8.12 - Skype Windows/Linux Communication Handling Denial of Service
• 12.8.13 - SAP NetWeaver Multiple Vulnerabilities
• 12.8.14 - IBM WebSphere Lombardi Edition "Coach" Script HTML Injection

Web Application - Cross Site Scripting

• 12.8.15 - SQL Buddy Multiple Cross-Site Scripting
• 12.8.16 - WebsiteBaker HTTP "Referer" Header Cross-Site Scripting Vulnerabilities
• 12.8.17 - Dolphin Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

• 12.8.18 - TestLink Multiple SQL Injection Vulnerabilities

Web Application

• 12.8.19 - Pandora FMS "sec2" Parameter Local File Include
• 12.8.20 - Mitra Iranian CMS "manager.php" Remote Arbitrary File Upload
• 12.8.21 - Oxwall Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
• 12.8.22 - Invision Power Board Unspecified HTML Injection

Network Device

• 12.8.23 - SecureSphere Web Application Firewall Username HTML Injection
• 12.8.24 - Mercury MR804 Router Multiple HTTP Header Fields Denial of Service Vulnerabilities
• 12.8.25 - Linksys WAG54GS Wireless Router Cross-Site Request Forgery

Hardware

• 12.8.26 - UTC Fire & Security GE-MC100-NTP/GPS-ZB Default Credentials Authentication Bypass

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

*************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 8, 2012

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 13306 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 12.8.1 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: R2/Extreme Stack Based Buffer Overflow and Directory Traversal Vulnerabilities
• Description: R2/Extreme is a plugin for the WinAmp music player. The application is exposed to multiple issues. A stack-based buffer overflow issue affects the application when processing a specially crafted "File" command. A directory traversal issue affects the application when processing a specially crafted "File" command. R2/Extreme 1.65 is vulnerable; other versions may also be affected.
• Ref: http://aluigi.org/adv/r2_1-adv.txt http://www.securityfocus.com/bid/52061/discuss

• 12.8.2 - CVE: CVE-2012-0224
• Platform: Third Party Windows Apps
• Title: 7T AQUIS DLL Loading Arbitrary Code Execution
• Description: 7T AQUIS is a water network simulation platform for improving system design and operation. The application is exposed to an issue that allows attackers to execute arbitrary code. The issue arises because the application searches for an unspecified Dynamic Link Library file in the current working directory. Using the application to open the associated file will cause the malicious library file to be executed. AQUIS 1.5 and prior versions are affected.
• Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-01.pdf

• 12.8.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: VOXTRONIC Voxlog Professional Multiple Security Vulnerabilities
• Description: VOXTRONIC is an application for digital speech and data recording. The application is exposed to multiple issues. A local file disclosure issue affects the "get.php" script. Multiple SQL injection issues affect the "userlogdetail.php" script. VOXTRONIC Voxlog Professional 3.7.2.729 and 3.7.0.633 are vulnerable; other versions may also be affected.
• Ref: https://www.sec-consult.com/files/20120220-0_voxlog_professional_multiple_critic
  al_vulnerabilities.txt http://www.securityfocus.com/bid/52081/discuss

• 12.8.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: ELBA Multiple Security Vulnerabilities
• Description: ELBA is a banking application. The application is exposed to multiple security issues. An SQL injection issue affects the application because it fails to properly validate the account group name before creating an account group. An information disclosure issue exists because the application doesn't properly encrypt usernames. A denial of service issue exists. ELBA versions 5.4.1 and 5.5.0 are vulnerable; other versions may also be affected.
• Ref: https://www.sec-consult.com/files/20120220-1_ELBA5_multiple_vulnerabilities.txt http://www.securityfocus.com/bid/52082/discuss

• 12.8.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Jeskola Buzz Memory Corruption and Multiple Buffer Overflow Vulnerabilities
• Description: Jeskola Buzz is a free modular software-based synthesizer. The application is exposed to an arbitrary memory corruption issue and multiple buffer overflow issues. Buzz Build 1458 is vulnerable; other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/52089/discuss http://aluigi.org/adv/buzz_1-adv.txt

• 12.8.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Psycle Multiple Buffer Overflow Vulnerabilities
• Description: Psycle is a modular music creation application. Psycle is exposed to multiple buffer overflow issues because it fails to properly bounds check user supplied data. A heap-based buffer overflow issue affects the application when parsing specially crafted PATD data structures. A buffer overflow issue affects the application when parsing specially crafted SNGI structures. A heap-based buffer overflow issue affects the application when parsing specially crafted SNGI structures. Psycle 1.10.0 and prior versions are vulnerable; other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/52092/discuss http://aluigi.org/adv/psycle_1-adv.txt

• 12.8.7 - CVE: Not Available
• Platform: Linux
• Title: Endian Firewall Multiple Cross-Site Scripting Vulnerabilities
• Description: Endian Firewall is a firewall application. Endian Firewall is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "dnat.cgi": "createrule", "dansguardian.cgi": "addrule", "openvpn_users.cgi". Endian UTM Firewall v2.4.x is affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=436 http://www.securityfocus.com/bid/52076/discuss

• 12.8.8 - CVE:CVE-2011-3027,CVE-2011-3026,CVE-2011-3025,CVE-2011-3024,CVE-2011-3023,CVE-2011-3022,CVE-2011-3021,CVE-2011-3020,CVE-2011-3019,CVE-2011-3018,CVE-2011-3017,CVE-2011-3016,CVE-2011-3015
• Platform: Cross Platform
• Title: Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
• Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple security issues. See reference for further details. Versions prior to Chrome 17.0.963.56 are affected.
• Ref: googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html http://www.securityfocus.com/bid/52031/discuss

• 12.8.9 - CVE: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753,CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-076711.1.102.55 and earlier versions are affected.
• Platform: Cross Platform
• Title: Adobe Flash Player Multiple Vulnerabilities
• Description: Adobe Flash Player is a multimedia application for multiple platforms. Adobe Flash Player is exposed to multiple security issues. See reference for further details. Adobe Flash Player
• Ref: http://www.adobe.com/support/security/bulletins/apsb12-03.html

• 12.8.10 - CVE: Not Available
• Platform: Cross Platform
• Title: Jenkins Multiple HTML Injection Vulnerabilities
• Description: Jenkins is a web server application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input passed to the "Description" and other unspecified fields. Jenkins versions 1.408 through 1.451 are vulnerable; other versions may also be affected.
• Ref: http://www.securityfocus.com/bid/52055/discuss

• 12.8.11 - CVE: Not Available
• Platform: Cross Platform
• Title: Novell GroupWise Messenger Stack-Based Buffer Overflow and Heap Memory Corruption
• Description: Novell GroupWise Messenger is a corporate instant messaging application for multiple platforms. The application is based on Novell eDirectory. Novell GroupWise Messenger client is exposed to a stack-based buffer overflow issue and a heap memory corruption issue. Novell GroupWise Messenger versions 2.1.0 and prior are vulnerable; other versions may also be affected.
• Ref: http://aluigi.org/adv/nim_1-adv.txt http://aluigi.org/adv/nmma_1-adv.txt http://www.securityfocus.com/bid/52056/discuss http://www.securityfocus.com/bid/52062/discuss

• 12.8.12 - CVE: Not Available
• Platform: Cross Platform
• Title: Skype Windows/Linux Communication Handling Denial of Service
• Description: Skype is peer to peer communications software that supports internet based voice communications. The application is exposed to a denial of service issue that occurs when handling specially crafted transfers/communication processes from a Linux client to a Windows client. Skype 5.6.59.10 is vulnerable and other versions may also be affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=315 http://www.securityfocus.com/bid/52067/discuss

• 12.8.13 - CVE: Not Available
• Platform: Cross Platform
• Title: SAP NetWeaver Multiple Vulnerabilities
• Description: SAP NetWeaver is an integration platform for enterprise applications. SAP NetWeaver is exposed to multiple security issues. See reference for further details. SAP NetWeaver version 7.0 is vulnerable; other versions may also be affected.
• Ref: http://secunia.com/advisories/47861/ http://www.securityfocus.com/bid/52101/discuss

• 12.8.14 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM WebSphere Lombardi Edition "Coach" Script HTML Injection
• Description: IBM WebSphere Lombardi Edition is a unified business process management environment for collaborative process improvement. IBM WebSphere Lombardi Edition is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input submitted through input controls within coaches before using it in dynamically generated content. WebSphere Lombardi Edition 7.2 is vulnerable; other versions may also be affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IC79890 http://www.securityfocus.com/bid/52104/discuss http://secunia.com/advisories/48055

• 12.8.15 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: SQL Buddy Multiple Cross-Site Scripting
• Description: SQL Buddy is a web-based MySQL administration application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input submitted to the "HOST", "USER", and "DATABASE" parameters of the "login.php" script and "db" parameter of the "dboverview.php" script. SQL Buddy 1.3.3 is vulnerable; other versions may also be affected.
• Ref: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php http://www.securityfocus.com/bid/52066/discuss

• 12.8.16 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: WebsiteBaker HTTP "Referer" Header Cross-Site Scripting Vulnerabilities
• Description: WebsiteBaker is a content management system. The application is exposed to cross-site scripting issues because it fails to sanitize user supplied input submitted through the HTTP "Referer" header in the "/search/index.php" and "/account/forgot.php" scripts. WebsiteBaker 2.8.2 SP2 is vulnerable and other versions may be affected.
• Ref: http://www.securityfocus.com/archive/1/521698 http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt http://www.securityfocus.com/bid/52087/discuss

• 12.8.17 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Dolphin Multiple Cross-Site Scripting Vulnerabilities
• Description: Dolphin is a web-based content manager implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Dolphin 7.0.7 and prior versions are affected.
• Ref: http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss http://www.securityfocus.com/bid/52088/discuss

• 12.8.18 - CVE: CVE-2012-0939,CVE-2012-0938
• Platform: Web Application - SQL Injection
• Title: TestLink Multiple SQL Injection Vulnerabilities
• Description: TestLink is a PHP-based testing suite. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query. TestLink versions 1.8.5b and 1.9.3 are vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/archive/1/521706

• 12.8.19 - CVE: Not Available
• Platform: Web Application
• Title: Pandora FMS "sec2" Parameter Local File Include
• Description: Pandora FMS is a web-based application implemented in PHP. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input submitted to the "sec2" parameter of the "index.php" script. Pandora FMS 4.0.1 is vulnerable and other versions may also be affected.
• Ref: http://www.vulnerability-lab.com/get_content.php?id=435 http://www.securityfocus.com/bid/52058/discuss

• 12.8.20 - CVE: Not Available
• Platform: Web Application
• Title: Mitra Iranian CMS "manager.php" Remote Arbitrary File Upload
• Description: Mitra Iranian CMS is a PHP-based content management system. The application is exposed to a remote arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. Specifically, a malicious PHP file named with a ".JPG", ".GIF" or ".PNG" extension can be uploaded through the "manager.php" script. Mitra Iranian CMS versions 3.0.3 is vulnerable; other versions may also be affected.
• Ref: http://secunia.com/advisories/48057/

• 12.8.21 - CVE: CVE-2012-0872
• Platform: Web Application
• Title: Oxwall Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: Oxwall is a software package for building social networks, family sites and collaboration systems. The application is exposed to multiple HTML injection issues and multiple cross-site scripting issues. Oxwall 1.1.1 and prior versions are vulnerable and other versions may also be affected.
• Ref: http://www.securityfocus.com/archive/1/521709 http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss

• 12.8.22 - CVE: Not Available
• Platform: Web Application
• Title: Invision Power Board Unspecified HTML Injection
• Description: Invision Power Board is a web-based forum application implemented in PHP. The application is exposed to an unspecified HTML injection issue because it fails to sufficiently sanitize user-supplied input. Invision Power Board 3.x is affected.
• Ref: http://community.invisionpower.com/topic/357387-ipboard-security-update/ http://www.securityfocus.com/bid/52097/discuss

• 12.8.23 - CVE: CVE-2011-4887
• Platform: Network Device
• Title: SecureSphere Web Application Firewall Username HTML Injection
• Description: Imperva SecureSphere Web Application is a firewall device. The Firewall is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. This issue affects the "username" field. SecureSphere Web Application Firewall 9.0 is affected.
• Ref: http://www.imperva.com/resources/adc/adc_advisories_response_secureworks_CVE-201
  1-4887.html http://www.securityfocus.com/bid/52064/discuss

• 12.8.24 - CVE: Not Available101220 is affected.
• Platform: Network Device
• Title: Mercury MR804 Router Multiple HTTP Header Fields Denial of Service Vulnerabilities
• Description: Mercury MR804 is a router device. Mercury MR804 is exposed to multiple denial of service issues. Specifically, these issues occur because it fails to handle malformed HTTP header fields such as "If-Modified-Since", "If-None-Match", and "If-Unmodified-Since". Mercury MR804 running version 3.8.1 Build
• Ref: http://www.securityfocus.com/archive/1/521731

• 12.8.25 - CVE: Not Available
• Platform: Network Device
• Title: Linksys WAG54GS Wireless Router Cross-Site Request Forgery
• Description: The Linksys WAG54GS is a wireless ADSL modem and router for domestic use. The router is exposed to a cross-site request forgery issue that affects the "setup.cgi" script. Attackers can exploit this issue by tricking a victim into visiting a malicious web page. The page will consist of specially crafted script code designed to perform some action on the attacker's behalf. Linksys WAG54GS running firmware 1.01.03 is affected.
• Ref: http://www.securityfocus.com/bid/52105/discuss

• 12.8.26 - CVE: Not Available
• Platform: Hardware
• Title: UTC Fire & Security GE-MC100-NTP/GPS-ZB Default Credentials Authentication Bypass
• Description: UTC Fire & Security GE-MC100-NTP/GPS-ZB is a master clock device. The device is exposed to a remote authentication bypass issue. This issue occurs because the device contains default login credentials for the administrator account. An attacker can exploit this issue to view or change system configuration files or other sensitive data.
• Ref: http://www.kb.cert.org/vuls/id/707254

(c) 2012. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account