@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 50
December 10, 2009

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
--------------------------               ----------------------------------------
Windows                                   2 (#9, #10)
Microsoft Office                          1 (#6)
Other Microsoft Products                  7 (#1, #2, #4)
Third Party Windows Apps                  3
Mac Os                                    1
Linux                                     5
BSD                                       1
Solaris                                   1
Novell                                    2 (#5, #7, #8)
Cross Platform                           18 (#3)
Web Application - Cross Site Scripting    6
Web Application - SQL Injection           5
Web Application                          17
Network Device                            1

********************** Sponsored By Breaking Point **********************

5 Keys to Harden Security Devices Against Evasions

Evasion techniques separate the professional hacker from the vandal and are used to bypass security measures on every type of device. Are you 100% confident your IPS, firewall and other security devices will stand up to increasingly sophisticated evasions? Join BreakingPoint security researchers for this free webcast.

https://www.sans.org/info/52089

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Solaris
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*************************************************************************

TRAINING UPDATE

- -- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations: Top 7 Trends in Incident Response and Computer Forensics, Advanced Forensic Techniques and more
https://www.sans.org/security-east-2010/

- -- SANS AppSec 2010, San Francisco, January 29-February 5, 2010 https://www.sans.org/appsec-2010/

- -- SANS Phoenix, February 14 -February 20, 2010 https://www.sans.org/phoenix-2010/

- -- SANS 2010, Orlando, March 6 - March 15, 2010 https://www.sans.org/sans-2010/

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses)
- See samples at: https://www.sans.org/ondemand/

Plus Ottawa, Tokyo and Bangalore all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software
  • (2) CRITICAL: Microsoft Office Project Memory Validation Vulnerability (MS09-074)
  • Affected:
    • Microsoft Project 2000 Service Release 1
    • Microsoft Project 2002 Service Pack 1
    • Microsoft Office Project 2003 Service Pack 3
  • Description: Microsoft Office Project, a project management software package, has a vulnerability that can be triggered by specially crafted Project files. The vulnerability is caused by improper validation of memory allocation resources while opening malicious Project files. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. To exploit this flaw, an attacker can take either of the following actions: (a) create a web page that downloads a malicious Microsoft Project file from a server, and entice a user to visit this web page; (b) send an email with a specially crafted Microsoft Project file as an attachment and convince the user to open it. Full technical details for this vulnerability are not publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft Windows Intel Indeo Codec Multiple Vulnerabilities
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: Indeo video, a codec from Intel, is used to decompress media files played in Windows Media Player. Multiple vulnerabilities have been reported in Indeo that can be triggered by a video stream containing malicious data. Two boundary errors in the Indeo41 codec result in buffer overflows, and some unspecified errors have been reported that might result in memory corruption. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the logged-on user. Some technical details of some of the vulnerabilities are publicly available.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (4) CRITICAL: Microsoft Internet Authentication Service Multiple Vulnerabilities (MS09-071)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems*
    • Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems*
    • Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems
    • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: Internet Authentication Service (IAS), Microsoft's implementation of a Remote Authentication Dial-in User Service (RADIUS) server, has been reported to contain two vulnerabilities. The first issue is caused by an error in handling Protected Extensible Authentication Protocol (PEAP) authentication requests. This might lead to memory corruption and thus allow an attacker to execute arbitrary code remotely. The second issue is an escalation of privilege vulnerability and can be triggered by a specially crafted Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication request. Some technical details for the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Novell iPrint Client Multiple Buffer Overflow Vulnerabilities
  • Affected:
    • Novell iPrint Client 5.x
  • Description: Novell iPrint is a network printing system for multiple networks and operating systems. Two vulnerabilities have been reported in Novell iPrint Client, and both can be triggered by a specially crafted web page. The first issue is a stack buffer overflow caused by an error in "ienipp.ocx" while parsing the "target-frame" parameter. The second issue is a buffer overflow caused by an error while parsing certain time-related information. Successful exploitation of either issue might lead to arbitrary code execution. Some technical details for the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (6) HIGH: Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (MS09-073)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office Converter Pack
    • Microsoft Works 8.5
  • Description: The WordPad Text Converter is used on systems without Microsoft Office installed to open Microsoft Word document file formats. A memory corruption vulnerability has been reported in the Word 97 text converter in the way it parses Word 97 documents. A specially crafted Word 97 document can be used to trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the logged-on user. To exploit this flaw, an attacker can take either of the following actions: (a) create a web page that downloads a malicious Word 97 file from a server, and entice a user to visit this web page; (b) send an email with a specially crafted Word 97 file as an attachment and convince the user to open it. Some technical details for the vulnerability are publicly available.

  • Status: Vendor not confirmed, updates available.

  • References:
  • (8) HIGH: HP Application Recovery Manager Buffer Overflow Vulnerability
  • Affected:
    • HP OpenView Data Protector Application Recovery Manager 6.0
    • HP OpenView Data Protector Application Recovery Manager 5.50
  • Description: HP Application Recovery Manager (AppRM) is software for backing up and restoring business application data in the event of an outage. A buffer overflow vulnerability has been reported in AppRM that can be triggered by a specially crafted MSG_PROTOCOL packet. The flaw is in the OmniInet process, which does not properly handle MSG_PROTOCOL (0x010b) packets. Successful exploitation might allow an attacker to execute arbitrary code. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) MODERATE: Windows Active Directory Federation Services Multiple Vulnerabilities (MS09-070)
  • Affected:
    • Windows Server 2003 Service Pack 2[1]
    • Windows Server 2003 x64 Edition Service Pack 2[2]
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
  • Description: Active Directory Federation Services (AD FS) is a Web single sign-on (SSO) technology used to authenticate a user to multiple Web applications over a single session. Two vulnerabilities have been identified in AD FS, one of which can be triggered by a specially crafted HTTP request to a server with AD FS enabled. The first issue is a spoofing vulnerability caused by insufficient session management validation in AD FS. Successful exploitation might allow an attacker to impersonate another user. The second issue is an error in AD FS caused by improper validation of HTTP requests coming from authenticated clients. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) LOW: Microsoft Windows LSASS Denial of Service Vulnerability (MS09-069)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: The Local Security Authority Subsystem Service (LSASS) manages local security and domain authentication for both clients and servers. A denial of service vulnerability has been reported in Microsoft Windows LSASS that can be triggered by a specially crafted ISAKMP message. The specific flaw is that LSASS does not correctly handle malformed ISAKMP messages received over IPsec. Successful exploitation might allow an attacker to consume CPU resources. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7743 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

______________________________________________________________________

  • 09.50.1 - CVE: CVE-2009-2508
  • Platform: Windows
  • Title: Microsoft Windows Active Directory Single Sign On Authentication Spoofing
  • Description: Microsoft Active Directory Federation Services (ADFS) is a single sign-on (SSO) technology for authenticating users to web-based applications. ADFS is exposed to an authentication spoofing issue because it fails to properly implement session management validation. This issue affects authentication tokens for SSO web sites.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx

  • 09.50.2 - CVE: CVE-2009-3675
  • Platform: Windows
  • Title: Microsoft Windows LSASS ISAKMP Message Remote Denial of Service
  • Description: Microsoft Windows Local Security Authority Subsystem Service (LSASS) is a security mechanism that handles local security and login policies. LSASS is exposed to a remote denial of service issue that occurs when handling a specially crafted Internet Security Association and Key Management Protocol (ISAKMP) message that contains malformed packets while communicating through IPsec.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx

  • 09.50.3 - CVE: CVE-2009-2506
  • Platform: Microsoft Office
  • Title: Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption
  • Description: WordPad Text Converter and Office Text Converter are components installed by default so that some applications can open Word documents if Word isn't installed. The components are prone to a remote memory corruption issue because the software fails to properly parse specially crafted Word 97 files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx

  • 09.50.4 - CVE: CVE-2009-3671
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser displays a malicious web page. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted. Specifically, this issue is caused by an error when handling unspecified HTML tags, which may result in a call to a dangling pointer.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-086/

  • 09.50.5 - CVE: CVE-2009-2505
  • Platform: Other Microsoft Products
  • Title: Microsoft Protected Extensible Authentication Protocol Memory Corruption
  • Description: Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS). The implementation of PEAP used by Microsoft's IAS is exposed to a remote memory corruption issue because the application fails to properly validate authentication requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-071.mspx

  • 09.50.6 - CVE: CVE-2009-3677
  • Platform: Other Microsoft Products
  • Title: Microsoft Protected Extensible Authentication Protocol Authentication Bypass
  • Description: Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS). The implementation of PEAP used by Microsoft's IAS is exposed to an authentication bypass vulnerability because the application fails to properly validate MS-CHAP v2 authentication requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-071.mspx

  • 09.50.7 - CVE: CVE-2009-0102
  • Platform: Other Microsoft Products
  • Title: Microsoft Project Invalid Resource Memory Allocation Remote Code Execution
  • Description: Microsoft Project is a project management application for the Microsoft Windows operating system. Project is exposed to a remote code execution issue that occurs when the application allocates memory resources while opening a Project file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-074.mspx

  • 09.50.8 - CVE: CVE-2009-3673
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CSS Race Condition Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser displays a malicious web page. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted. Specifically, the vulnerability is related to the handling of CSS (Cascading Style Sheet) data, and caused by a race condition which can be triggered by rapidly clicking between two page elements.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx

  • 09.50.9 - CVE: CVE-2009-3674
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-3674) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser displays a malicious webpage. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx

  • 09.50.10 - CVE: CVE-2009-2509
  • Platform: Other Microsoft Products
  • Title: Microsoft Active Directory Federation Services Header Validation Remote Code Execution
  • Description: Microsoft Active Directory Federation Services (ADFS) is a single sign-on (SSO) technology for authenticating users to web-based applications. ADFS is exposed to a remote code execution issue because it fails to properly validate request headers when an authenticated user logs in to a web server.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx

  • 09.50.11 - CVE: CVE-2009-1567
  • Platform: Third Party Windows Apps
  • Title: Photobox Uploader ActiveX Control URL Parsing Stack Buffer Overflow
  • Description: Photobox Uploader is an ActiveX control which allows uploading of files to a remote server. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue is caused by an error in the parsing of URLs, and can be triggered by accessing the "LogURL", "ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", or "httpsinglehost" properties. Photobox Uploader version 2.2.0.6 is affected.
  • Ref: http://www.larts.co.uk/Software/Uploader.html

  • 09.50.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xfig and Transfig ".fig" File Buffer Overflow
  • Description: Xfig is a drawing application for the X Window System. Transfig is an application used to generate TeX documents. The applications are exposed to a buffer overflow issue because they fail to perform adequate boundary checks on user-supplied input. This issue occurs when handling specially crafted ".fig" files. Xfig and Transfig version 3.2.5 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274

  • 09.50.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kingsoft Internet Security Archive Parsing Denial of Service Vulnerabilities
  • Description: Kingsoft Internet Security is an antivirus application for Microsoft Windows platforms. The application is exposed to multiple denial of service issues. An attacker can exploit these issues by supplying malicious CAB and ARJ archive files. Kingsoft Internet Security version 9 is affected.
  • Ref: http://www.securityfocus.com/bid/37247

  • 09.50.14 - CVE: CVE-2009-2843
  • Platform: Mac Os
  • Title: Apple Mac OS X Java Applet Certificate Validation Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that affects Java. Specifically, an expired certificate for a Java applet may be treated as valid. Successfully exploiting this issue allows attackers to bypass certain security restrictions and trick users into running untrusted Java applets with the privileges of trusted applets. Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 and Mac OS X Server v10.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/37206

  • 09.50.15 - CVE: Not Available
  • Platform: Linux
  • Title: QEMU Virtio Networking Remote Denial of Service
  • Description: QEMU is exposed to a remote denial of service issue that occurs because QEMU fails to properly set up the virtio networking feature available for guest operating systems.
  • Ref: http://www.securityfocus.com/bid/37201

  • 09.50.16 - CVE: CVE-2009-3722
  • Platform: Linux
  • Title: Linux Kernel KVM "handle_dr()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the Kernel based Virtual Machine (KVM) subsystem. Specifically, the issue exists in the "handle_dr" function in the "arch/x86/kvm/vmx.c" file because the kernel does not properly verify the Current Privilege Level (CPL) before accessing a debug register. The Linux kernel versions prior to 2.6.31.1 are affected.
  • Ref: http://marc.info/?l=oss-security&m=125678631403558&w=2

  • 09.50.17 - CVE: CVE-2009-1298
  • Platform: Linux
  • Title: Linux Kernel "ip_frag_reasm()" Null Pointer Dereference Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue due to a NULL pointer dereference error. This issue occurs in the "ip_frag_reasm()" function of the "net/ipv4/ip_fragment.c" source file when handling malformed IPv4 network packets.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6

  • 09.50.18 - CVE: Not Available
  • Platform: Linux
  • Title: gnome-screensaver Timeout Security Bypass
  • Description: gnome-screensaver is a screen saver application. gnome-screensaver is exposed to a security bypass issue that occurs because the screen saver does not re-enable itself after applications requested it to ignore idle timers. This may cause the screen to remain unlocked after the inactivity timeout has been reached.
  • Ref: http://www.securityfocus.com/bid/37240

  • 09.50.19 - CVE: CVE-2009-4033
  • Platform: Linux
  • Title: Red Hat acpid "/var/log/acpid" Log File Permissions Local Privilege Escalation
  • Description: Red Hat Enterprise Linux is an operating system distribution. The "acpid" daemon is an ACPI (Advanced Configuration and Power Interface) policy daemon for Linux. The version of acpid distributed with Red Hat Enterprise Linux is exposed to a local privilege escalation issue. Specifically, the log file may be created with random permissions. This issue is the result of an error introduced in a Red Hat specific patch.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=542926

  • 09.50.20 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD "freebsd-update" Utility Insecure Directory Permissions
  • Description: The "freebsd-update" utility is used to fetch, install, and roll back updates to the FreeBSD base system, and to upgrade to new FreeBSD releases. The utility is exposed to an insecure directory permissions issue: when downloading updates, the utility copies files to the current working directory, which is readable by all local users.
  • Ref: http://www.securityfocus.com/archive/1/508179

  • 09.50.21 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris IP(7p) Race Condition Remote Denial of Service
  • Description: Sun Solaris is exposed to a remote denial of service issue because it fails to prevent a race condition. The issue occurs in the IP(7p) kernel module. A remote unprivileged user may exploit this issue to panic the vulnerable kernel, effectively denying service to legitimate users.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1

  • 09.50.22 - CVE: CVE-2009-0895
  • Platform: Novell
  • Title: Novell eDirectory "NDS Verb 0x1" Request Heap Based Buffer Overflow
  • Description: Novell eDirectory is software for identity management and security. The application is exposed to a buffer overflow issue due to an integer overflow error when handling user data. Specifically, the issue occurs when a malformed "NDS Verb 0x1" request is processed. Novell eDirectory versions 8.7.3.10 ftf1 and 8.8.5 ftf1 and earlier are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7004912

  • 09.50.23 - CVE: CVE-2009-1568, CVE-2009-1569
  • Platform: Novell
  • Title: Novell iPrint Client Remote Buffer Overflow Vulnerabilities
  • Description: Novell iPrint Client is a client application for printing over the internet. The application is exposed to remote stack-based buffer overflow issues because it fails to perform adequate checks on user-supplied input. Attackers may exploit these issues to execute arbitrary code. Novell iPrint Client version 5.30 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508288

  • 09.50.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: InterSystems Cache "UtilConfigHome.csp" Remote Stack Buffer Overflow
  • Description: InterSystems Cache is a post relational database. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. This issue affects the "csp/sys/mgr/UtilConfigHome.csp" script. InterSystems Cache version 2009.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37177

  • 09.50.25 - CVE: CVE-2009-2686
  • Platform: Cross Platform
  • Title: HP NonStop Server Unspecified Privilege Escalation
  • Description: HP NonStop Server provides 24/7 application availability. The server is exposed to an unspecified privilege escalation issue. Local attackers may exploit this issue to obtain sensitive information, cause denial of service conditions, or execute arbitrary code with elevated privileges and compromise a computer.
  • Ref: https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01923646&admit=109447627+1260224668689+28353475

  • 09.50.26 - CVE: CVE-2009-1566
  • Platform: Cross Platform
  • Title: Roxio Creator Image Parsing Integer Overflow
  • Description: Roxio Creator is a program for manipulating images. Roxio Creator is exposed to an integer overflow issue. Specifically, the issue causes memory corruption when allocating memory based on the dimensions of the image. Roxio Creator version 9.0.136 is affected.
  • Ref: http://secunia.com/secunia_research/2009-38/

  • 09.50.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Portal Server Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Sun Java System Portal Server is a Java-based framework for developing web applications. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Java System Portal Server versions 6.3.1, 7.1, and 7.2 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1

  • 09.50.28 - CVE: CVE-2009-4148
  • Platform: Cross Platform
  • Title: DAZ Studio Scripting Support Remote Command Execution
  • Description: DAZ Studio is a 3D modeling application available for multiple operating platforms. The software is exposed to a remote command execution issue because it fails to properly handle specially crafted files. Specifically, ".ds", ".dsa", ".dse", and ".dsb" files may contain scripting code which may execute when the file is opened.
  • Ref: http://www.securityfocus.com/archive/1/508192

  • 09.50.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow
  • Description: Adobe Illustrator is a graphics application available for Microsoft Windows and Mac OS X. Illustrator is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, overly long DSC comments in Encapsulated PostScript (".eps") files may corrupt memory. Illustrator CS4 version 14.0.0 and CS3 13.0.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508175

  • 09.50.30 - CVE: CVE-2009-4211
  • Platform: Cross Platform
  • Title: Security Readiness Review Evaluation Scripts Local Privilege Escalation
  • Description: Department of Defense Security Readiness Review (SRR) Evaluation Scripts are a tool used to help evaluate systems for security. The scripts are exposed to a local privilege escalation issue as the scripts will test the version of various applications located on the system being evaluated.
  • Ref: http://www.securityfocus.com/archive/1/508188

  • 09.50.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Corel Paint Shop Pro PNG File Handling Remote Buffer Overflow
  • Description: Corel Paint Shop Pro is an application for processing images. The application is exposed to a remote stack-based buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue by enticing a user to open a malicious PNG file in an affected application. Corel Paint Shop Pro version 8 is affected.
  • Ref: http://www.securityfocus.com/bid/37204

  • 09.50.32 - CVE: CVE-2009-3994
  • Platform: Cross Platform
  • Title: DevIL DICOM File Handling Remote Buffer Overflow
  • Description: DevIL is a library for processing images. The library is exposed to a remote stack-based buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically the issue affects the "GetUID()" function in the "src-IL/src/il_dicom.c" file. DevIL version 1.7.8 is affected.
  • Ref: http://secunia.com/secunia_research/2009-51/

  • 09.50.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Polipo Malformed HTTP GET Request Memory Corruption
  • Description: Polipo is a web proxy server. Polipo is exposed to a memory corruption issue that occurs when handling a malformed HTTP GET request sent via TCP port 8123. Successful exploits may allow remote attackers to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users. Polipo versions 0.9.8 and 1.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/37226

  • 09.50.34 - CVE: CVE-2009-4053
  • Platform: Cross Platform
  • Title: iWeb Server URL Directory Traversal
  • Description: iWeb Server is an HTTP server application. iWeb Server is exposed to a directory traversal issue because the application fails to sufficiently sanitize directory traversal strings (..%5C) from the URL.
  • Ref: http://www.securityfocus.com/bid/37228

  • 09.50.35 - CVE: CVE-2009-4129
  • Platform: Cross Platform
  • Title: Mozilla Firefox JavaScript "Prompted Message" Spoofing
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Firefox is affected by a spoofing issue caused by a race condition error. This issue can allow a malicious web site to generate a JavaScript "prompted message" such that it appears above a window for a targeted, legitimate domain. Specifically, this issue is triggered when a malicious page redirects to a targeted legitimate page, but is able to generate a JavaScript message before the legitimate page is loaded.
  • Ref: http://www.securityfocus.com/archive/1/508275

  • 09.50.36 - CVE: CVE-2009-4130
  • Platform: Cross Platform
  • Title: Mozilla Firefox "MakeScriptDialogTitle()" URI Spoofing
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Firefox is affected by a spoofing issue that affects the "MakeScriptDialogTitle()" function contained in the "nsGlobalWindow.cpp" source code file. This function is used when generating the URI to display as the title of a popup window.
  • Ref: http://www.securityfocus.com/archive/1/508275

  • 09.50.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player RTSP Remote Buffer Overflow
  • Description: VLC media player is a cross-platform media player that can also be used to serve streaming data. VLC media player is exposed to a remote heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling malformed RTSP URLs. VLC Media Player version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37236

  • 09.50.38 - CVE: CVE-2009-3586
  • Platform: Cross Platform
  • Title: CoreHTTP "src/http.c" Buffer Overflow
  • Description: CoreHTTP is an HTTP server implemented in C. It is available for POSIX-based operating systems. The application is exposed to a buffer overflow issue that occurs because the "sscanf()" call fails to properly bounds check user-supplied input when writing to both "req[]" and "url[]". The issue is triggered by sending an overly long string (> 256 bytes) to the HTTP server upon connection. CoreHTTP version 0.5.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508272

  • 09.50.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM InfoSphere Information Server Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: IBM InfoSphere Information Server is a data integration software platform. IBM InfoSphere Information Server is exposed to multiple buffer overflow issues caused by unspecified errors. These issues affect DataStage SETUID binaries. IBM InfoSphere Information Server versions prior to 8.1 Fix Pack 1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21406224

  • 09.50.40 - CVE: CVE-2009-3844
  • Platform: Cross Platform
  • Title: HP OpenView Data Protector Application Recovery Manager Remote Denial of Service
  • Description: HP OpenView Data Protector Application Recovery Manager is a backup and recovery tool. The application is exposed to an unspecified remote denial of service issue. OpenView Data Protector Application Recovery Manager versions 5.50 and 6.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508292

  • 09.50.41 - CVE: CVE-2009-4210
  • Platform: Cross Platform
  • Title: Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities
  • Description: Intel Indeo Codec is a codec that decompresses digital media files for use in media applications. The codec is installed with Microsoft Windows Media Player. Intel Indeo Codec is exposed to multiple buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-089/

  • 09.50.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yoast Google Analytics for WordPress Plugin 404 Error Page Cross Site Scripting
  • Description: Yoast Google Analytics for WordPress Plugin is a PHP-based application that adds Google Analytics tracking to a WordPress website. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs in the 404 error page. Google Analytics for WordPress Plugin version 3.2.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508211

  • 09.50.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: YABSoft Advanced Image Hosting Script "search.php" Cross-Site Scripting
  • Description: YABSoft Advanced Image Hosting Script is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "text" parameter of the "search.php" script. Advanced Image Hosting Script version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37233

  • 09.50.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: YOOtheme Warp5 Joomla! Component "yt_color" Parameter Cross-Site Scripting
  • Description: YOOtheme Warp5 is a component for the Joomla! content manager. Warp5 is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "yt_color" parameter of the component.
  • Ref: http://www.securityfocus.com/bid/37239

  • 09.50.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM InfoSphere Information Server Unspecified Cross-Site Scripting
  • Description: IBM InfoSphere Information Server is a data integration software platform. IBM InfoSphere Information Server is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. IBM InfoSphere Information Server versions prior to 8.1 Fix Pack 1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21406224

  • 09.50.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Barracuda IM Firewall "smtp_test.cgi" Cross-Site Scripting Vulnerabilities
  • Description: Barracuda Spam Firewall is a security device designed to protect email servers. The device is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "email", "hostname" and "default_domain" parameters of the "cgi-bin/smtp_test.cgi" script. Barracuda IM Firewall 620 Firmware version v4.0.01.003 is affected.
  • Ref: http://www.securityfocus.com/bid/37248

  • 09.50.47 - CVE: CVE-2009-4149
  • Platform: Web Application - Cross Site Scripting
  • Title: Computer Associates Service Desk Cross-Site Scripting
  • Description: Computer Associates Service Desk is a web-based application used to manage service requests, incidents, problems and changes. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the "webengine" and "freeaccess.spl" files. Service Desk version 12.1 is affected.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=223999

  • 09.50.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Joaktree Component "treeId" Parameter SQL Injection
  • Description: Joaktree is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "treeId" parameter of the "com_joaktree" component before using it in an SQL query. Joaktree version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37178

  • 09.50.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Taxonomy Timer Module SQL Injection
  • Description: Taxonomy Timer is a module for the Drupal content manager that allows expiration dates to be set on taxonomy terms. The module is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://drupal.org/node/649396

  • 09.50.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board Local File Include and SQL Injection Vulnerabilities
  • Description: Invision Power Board is a PHP-based bulletin board application. The application is exposed to multiple input validation issues. The attacker can exploit the SQL injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Invision Power Board versions 3.0.4 and 2.3.6 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508207

  • 09.50.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 427BB "showpost.php" SQL Injection
  • Description: 427BB is a bulletin board system implemented in PHP with a MySQL backend. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "post" parameter of the "showpost.php" script before using it in an SQL query. 427BB version 2.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37210

  • 09.50.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Elkagroup Image Gallery "id" Parameter SQL Injection
  • Description: Elkagroup Image Gallery is a web-based photo album application. Elkagroup Image Gallery is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the "id" parameter of the "news/index.php" script.
  • Ref: http://www.securityfocus.com/bid/37229

  • 09.50.53 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! mojoBlog Component Multiple Remote File Include Vulnerabilities
  • Description: mojoBlog is a blogging component for the Joomla! content manager. The component is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "wp-comments-post.php" and "wp-trackback.php" scripts. mojoBlog version RC0.15 is affected.
  • Ref: http://www.securityfocus.com/bid/37179

  • 09.50.54 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyFAQ 2.5.4 and Prior Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: phpMyFAQ is a PHP-based FAQ script. The application is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input. phpMyFAQ versions prior to 2.5.5 are affected.
  • Ref: http://www.phpmyfaq.de/advisory_2009-12-01.php

  • 09.50.55 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Multiple Security Vulnerabilities
  • Description: Simple Machines Forum (SMF) is an open source web forum. The application is exposed to multiple security issues. Simple Machines Forum version 2.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508167

  • 09.50.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Pligg Cross Site Scripting and Request Forgery Remote Vulnerabilities
  • Description: Pligg is a PHP-based content manager. The application is exposed to multiple remote issues. The attacker can exploit these issues to steal cookie-based authentication credentials or perform unauthorized actions when masquerading as the victim. Other attacks are also possible. Pligg versions prior to 1.0.3 are affected.
  • Ref: http://holisticinfosec.org/content/view/130/45/

  • 09.50.57 - CVE: Not Available
  • Platform: Web Application
  • Title: Thatware "root_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Thatware is a PHP-based application for publishing news and discussions. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root_path" parameter. Thatware versions 0.5.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/37191

  • 09.50.58 - CVE: CVE-2009-3304
  • Platform: Web Application
  • Title: GForge Insecure Temporary File Creation
  • Description: GForge is a PHP-based application for managing source code. The application runs certain unspecified scripts that create temporary files in an insecure way. An attacker with local access could exploit this issue to perform symbolic link attacks and overwrite arbitrary system files in the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/37195

  • 09.50.59 - CVE: CVE-2009-3560
  • Platform: Web Application
  • Title: Expat Unspecified XML Parsing Remote Denial of Service
  • Description: Expat is a C library used for parsing XML documents. The Expat library is exposed to a denial of service issue because it fails to handle specially crafted XML data. Exploiting this issue allows remote attackers to cause denial of service conditions in the context of an application using the vulnerable XML parsing library. Expat version 2.0.1 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1

  • 09.50.60 - CVE: Not Available
  • Platform: Web Application
  • Title: UBB.threads Multiple File Include Vulnerabilities
  • Description: UBB.threads is a PHP-based community solution. The application is exposed to multiple file include issues because it fails to sufficiently sanitize user-supplied input. A local file-include issue affects the "file" parameter of the "ubbthreads.php" script. UBB.threads version 7.5.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37205

  • 09.50.61 - CVE: Not Available
  • Platform: Web Application
  • Title: EC-CUBE "LC_Page_Admin_Customer_SearchCustomer.php" Security Bypass
  • Description: EC-CUBE is an open-source application for creating shopping sites. EC-CUBE is exposed to a security-bypass issue due to a design error in the "data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php" script when searching for customer data. EC-CUBE versions prior to 2.4.2 are affected.
  • Ref: http://jvn.jp/en/jp/JVN79762947/index.html

  • 09.50.62 - CVE: Not Available
  • Platform: Web Application
  • Title: LightNEasy fckeditor Arbitrary File Upload
  • Description: LightNEasy is a web-based content manager implemented in PHP. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the "fckeditor" module fails to properly verify upload permissions before uploading files onto the web server. LightNEasy version 3.1 and LightNEasy no database version 2.3 are affected.
  • Ref: http://www.securityfocus.com/bid/37224

  • 09.50.63 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpShop Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: PhpShop is a PHP-based shopping cart application. The application is exposed to multiple input validation issues. PhpShop version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508243

  • 09.50.64 - CVE: Not Available
  • Platform: Web Application
  • Title: AROUNDMe "components/core/connect.php" Remote File Include
  • Description: AROUNDMe is a content management system (CMS). AROUNDMe is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "language_path" parameter of the "components/core/connect.php" script. AROUNDMe version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37234

  • 09.50.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Sisplet CMS "new.php" Remote File Include
  • Description: Sisplet CMS is a content manager implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "site_path" parameter of the "new.php" script. Sisplet CMS version 2008-01-25 is affected.
  • Ref: http://www.securityfocus.com/bid/37235

  • 09.50.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Chipmunk Newsletter "admin/addlist.php" Parameter SQL Injection
  • Description: Chipmunk Newsletter is a web-based application. Chipmunk Newsletter is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the "list" parameter of the "admin/addlist.php" script.
  • Ref: http://www.securityfocus.com/bid/37238

  • 09.50.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Shibboleth Redirection URL HTML Injection
  • Description: Shibboleth provides user authentication and authorization based on the Shibboleth Web Single Sign-on system. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a user's browser. Shibboleth versions prior to 2.3 and 1.3.5 are affected.
  • Ref: http://shibboleth.internet2.edu/secadv/secadv_20091104.txt

  • 09.50.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Multiple Vulnerabilities
  • Description: Moodle is a content manager for online courseware. The application is exposed to multiple issues. Attackers can exploit these issues to bypass certain security restrictions, gain access to sensitive information, perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Moodle versions prior to 1.8.11 and 1.9.7 are affected.
  • Ref: http://moodle.org/security/

  • 09.50.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Active! Mail Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: Active! Mail is a web-based email application. The application is exposed to multiple input validation issues. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Active! Mail version 2003.0139.0871 is affected.
  • Ref: http://www.securityfocus.com/bid/37252

  • 09.50.70 - CVE: Not Available
  • Platform: Network Device
  • Title: Huawei MT882 Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: Huawei MT882 is a wireless router and modem. Huawei MT882 is exposed to multiple remote issues. The attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Huawei MT882 firmware version 3.7.9.98 is affected.
  • Ref: http://www.securityfocus.com/bid/37194

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.