
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 38
September 16, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   8
    Third Party Windows Apps                  2
    Linux                                     2
    BSD                                       1
    Aix                                       1
    Cross Platform                            17 (#1,#2,#3,#4)
    Web Application - Cross Site Scripting    6
    Web Application - SQL Injection           1
    Web Application                           2
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
BSD
Aix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Adobe Multiple Products Code Execution Vulnerability
  • Affected:
    • Adobe Acrobat 9.x
    • Adobe Reader 9.x
    • Adobe Flash Player 10.x
  • Description: Multiple Adobe products are susceptible to an unspecified 0-day vulnerability that could allow for code execution. An attacker must entice a target to view a malicious document in order to exploit this vulnerability. Adobe has received reports that this issue is being actively exploited in the wild.

  • Status: vendor confirmed, updates not available

  • (3) HIGH: Apple Safari Webkit Code Execution Vulnerability
  • Affected:
    • Apple WebKit
  • Description: Apple has recently released a patch to address a vulnerability in Apple WebKit. The vulnerability involves a use-after-free condition in code handling run-in styling. In order to exploit this vulnerability, an attacker must entice the target to navigate to a malicious web site.

  • Status: vendor confirmed, updates available

  • (4) HIGH: Google Chrome Multiple Vulnerabilities
  • Affected:
    • Google Chrome prior to 6.0.472.59
  • Description: Google has released a patch for multiple vulnerabilities in Chrome, including some that may be exploitable for code execution. Included in Google's advisory are three use-after-free vulnerabilities, two of which relate to SVG, and two memory corruption vulnerabilities.

  • Status: vendor confirmed, updates available

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 38, 2010

Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10074 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.38.1 - CVE: CVE-2010-0820
  • Platform: Windows
  • Title: Microsoft LSASS ADAM/ADLDS Privilege Escalation
  • Description: Microsoft Windows Local Security Authority Subsystem Service is a security mechanism that handles local security and login policies. The application is exposed to a privilege escalation issue that occurs in Active Directory, Active Directory Application Mode, and Active Directory Lightweight Directory Service. The problem occurs when handling malformed LDAP messages through an authenticated session.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-068.mspx

  • 10.38.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft MPEG-4 Codec Media File Remote Code Execution
  • Description: Microsoft MPEG-4 codec is exposed to a remote code execution issue. This issue occurs when handling a specially crafted media file.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms10-062.mspx

  • 10.38.3 - CVE: CVE-2010-2738
  • Platform: Windows
  • Title: Microsoft Windows and Office Uniscribe Font Parsing Engine Remote Code Execution
  • Description: Microsoft Windows and Office are exposed to a remote code execution issue when handling Uniscribe font data. This issue affects the "usp10.dll" (Unicode Script Processor) component of Windows and Office, which provides functionality related to fonts.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-063.mspx

  • 10.38.4 - CVE: CVE-2010-2729
  • Platform: Windows
  • Title: Microsoft Windows Print Spooler Service Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue that affects the Print Spooler Service because the Service fails to adequately restrict the locations where users have permissions to print to a file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-061.mspx

  • 10.38.5 - CVE: CVE-2010-2567
  • Platform: Windows
  • Title: Microsoft Windows RPC Memory Allocation Remote Code Execution
  • Description: Microsoft Remote Procedure Call (RPC) is used for creating distributed client/server programs. Microsoft Windows is exposed to a remote code execution issue that occurs when handling a specially crafted RPC response.
  • Ref: http://www.securityfocus.com/bid/43119

  • 10.38.6 - CVE: CVE-2010-2563
  • Platform: Windows
  • Title: Microsoft WordPad Text Converter Word 97 File Parsing Memory Corruption
  • Description: Microsoft WordPad Text Converter is installed by default to facilitate the opening of Word documents by some applications, even if Word isn't installed. Microsoft WordPad Text Converter is exposed to a remote memory corruption issue because the software fails to properly parse specially crafted fields contained in a Word 97 file.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms10-067.mspx

  • 10.38.7 - CVE: CVE-2010-1899, CVE-2010-2730
  • Platform: Windows
  • Title: Microsoft IIS Repeated Parameter Request Denial of Service
  • Description: Microsoft Internet Information Service (IIS) is a web server available for Microsoft Windows. The application is exposed to a remote denial of service issue that arises when the server processes a specially crafted HTTP POST request, which results in a stack overflow condition caused by an excessive use of resources. IIS versions 5.1, 6.0, 7.0, and 7.5 are affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms10-065.mspx

  • 10.38.8 - CVE: CVE-2010-1891
  • Platform: Windows
  • Title: Microsoft Windows CSRSS Memory Allocation Local Privilege Escalation Issue
  • Description: Microsoft Windows is prone to a local privilege escalation issue. This issue occurs when Microsoft Windows Client/Server Runtime Subsystem fails to sufficiently allocate memory when dealing with specific user transactions.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms10-069.mspx

  • 10.38.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kingsoft Antivirus "KAVFM.sys" Driver IOCTL Handling Local Privilege Escalation
  • Description: Kingsoft Antivirus is a security application for Microsoft Windows platforms. The application is exposed to a local privilege escalation issue because the "KAVFM.sys" driver fails to properly validate IOCTL requests to the "DeviceIoControl()" win32 call using the "0x80030004" IoControlCode value. Kingsoft Antivirus version 2010.04.26.648 is affected.
  • Ref: http://www.securityfocus.com/bid/43173

  • 10.38.10 - CVE: CVE-2010-2580
  • Platform: Third Party Windows Apps
  • Title: MailEnable "MESMTRPC.exe" SMTP Service Multiple Remote Denial of Service Vulnerabilities
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. MailEnable is exposed to multiple denial of service issues that affect the "MESMTRPC.exe" SMTP service. MailEnable versions 4.25 Standard Edition, Professional Edition, and Enterprise Edition are affected.
  • Ref: http://www.securityfocus.com/archive/1/513648

  • 10.38.11 - CVE: CVE-2010-3080
  • Platform: Linux
  • Title: Linux Kernel "snd_seq_oss_open()" Multiple Local Memory Corruption Vulnerabilities
  • Description: The Linux Kernel is exposed to multiple local memory corruption issues. Specifically, the "snd_seq_oss_open()" function of the "sound/core/seq/oss/seq_oss_init.c" component is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3080

  • 10.38.12 - CVE: CVE-2010-3110
  • Platform: Linux
  • Title: openSUSE Novell Client "novfs" Local Buffer Overflow Issue
  • Description: OpenSUSE is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects several IOCTLs of the Novell Client (novfs) "/proc" interface, allowing unprivileged local users to crash the kernel or execute code in the kernel context. openSUSE version 11.3 is affected.
  • Ref: http://www.securityfocus.com/bid/43071

  • 10.38.13 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD "pseudofs" NULL Pointer Dereference Local Privilege Escalation Issue
  • Description: FreeBSD is exposed to a local privilege escalation issue that stems from a NULL pointer dereference that occurs in the "pseudofs" filesystem. This issue affects the "pfs_getattr()" function of the "sys/fs/pseudofs/pseudofs_vnops.c" source file.
  • Ref: http://www.securityfocus.com/bid/43060

  • 10.38.14 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Local Privilege Escalation and Security Bypass Issue
  • Description: AIX is a UNIX operating system from IBM. AIX is exposed to multiple security issues like local privilege escalation and unspecified security bypass. These issues allow attackers to delete sensitive files from the system.
  • Ref: http://www.securityfocus.com/bid/43207

  • 10.38.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader "CoolType.dll" Remote Code Execution
  • Description: Adobe Reader is an application for handling PDF files. Adobe Reader is exposed to a remote code execution issue due to a heap memory corruption issue in "cooltype.dll" when handling PDF files containing malformed TTF fonts. Adobe Reader version 9.3.4 is affected.
  • Ref: http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html

  • 10.38.16 - CVE: CVE-2010-3018
  • Platform: Cross Platform
  • Title: RSA Access Manager Server Cache Update Security Bypass
  • Description: RSA Access Manager Server is used to centralize the management of authentication and authorization policies. RSA Access Manager Server is exposed to a security bypass issue that occurs during cache updates.
  • Ref: http://www.securityfocus.com/bid/43085

  • 10.38.17 - CVE: CVE-2010-3017
  • Platform: Cross Platform
  • Title: RSA Access Manager Agent Security Bypass
  • Description: RSA Access Manager is used to centralize the management of authentication and authorization policies. RSA Access Manager Agent is exposed to a security bypass issue when used with RSA Adaptive Authentication Integration. RSA Access Manager Agent version 4.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/43089

  • 10.38.18 - CVE: CVE-2010-3007, CVE-2010-3008
  • Platform: Cross Platform
  • Title: HP Data Protector Express Local Privilege Escalation
  • Description: HP Data Protector Express is a backup and recovery solution. The application is exposed to an unspecified local privilege escalation issue. HP Data Protector Express SSE 3.x prior to build 56936 and HP Data Protector Express SSE 4.x prior to build 56906 are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02067559

  • 10.38.19 - CVE: CVE-2010-2952
  • Platform: Cross Platform
  • Title: Apache Traffic Server Remote DNS Cache Poisoning
  • Description: Apache Traffic Server is an open source DNS server. Apache Traffic Server is exposed to a remote cache poisoning issue that occurs because the application fails to sufficiently randomize the DNS transaction ID and the source port number of a DNS request. Apache Traffic Server versions prior to 2.0.1 are affected.
  • Ref: http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc

  • 10.38.20 - CVE: CVE-2010-3008
  • Platform: Cross Platform
  • Title: HP Data Protector Express Local Privilege Escalation
  • Description: HP Data Protector Express is a backup and recovery solution. The application is exposed to an unspecified local privilege escalation issue. The issue affects the following: HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 56936; HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 56906.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02067559

  • 10.38.21 - CVE: CVE-2010-3082
  • Platform: Cross Platform
  • Title: Django CSRF Token HTML Injection
  • Description: Django is a Python-based framework for building web applications. Django is exposed to an HTML injection issue because it fails to sufficiently sanitize data supplied to the CSRF cookie parameter before using it to generate the CSRF token inserted into outgoing HTML forms. Django versions 1.2 and the development trunk are affected.
  • Ref: http://www.djangoproject.com/weblog/2010/sep/08/security-release/

  • 10.38.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Records Manager Multiple Unspecified Remote Issues
  • Description: IBM Records Manager is a records management engine for business applications. The application is exposed to multiple security issues like unspecified remote URI redirection, cross-site scripting, and information disclosure. IBM Records Manager version 4.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/43136

  • 10.38.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MailScanner "update_virus_scanners" Insecure Lock File Scanner Bypass Issue
  • Description: MailScanner scans for viruses at email gateways. MailScanner is exposed to a security issue because its mechanism to update virus scanners can be bypassed. Specifically, "update_virus_scanners" uses the "mtime" of the "/tmp/MailScanner.autoupdate.lock" file to determine if virus signatures should be updated. MailScanner version 4.79.11 is affected.
  • Ref: http://www.securityfocus.com/bid/43178

  • 10.38.24 - CVE: CVE-2010-0152, CVE-2010-0153, CVE-2010-0154, CVE-2010-0155
  • Platform: Cross Platform
  • Title: IBM Proventia Network Mail Security System Multiple Remote Issues
  • Description: IBM Proventia Network Mail Security System is an email security application. The application is exposed to multiple security issues like cross-site request forgery and cross-site scripting.
  • Ref: http://www.securityfocus.com

  • 10.38.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark Malformed SNMP V1 Packet Remote Denial of Service Issue
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. The application is exposed to a remote denial of service issue. Specifically, this issue occurs because the ASN.1/BER dissector fails to handle malformed SNMP packets. Wireshark version 1.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/43197

  • 10.38.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: pidgin-knotify "notify()" Remote Command Injection
  • Description: pidgin-knotify is a notification plugin for pidgin in the KDE 4 environment. The application is exposed to a command injection issue because it fails to adequately sanitize user-supplied input to the "notify()" function in "src/pidgin-knotify.c" before using it in a "system()" call. pidgin-knotify version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/43206

  • 10.38.27 - CVE: CVE-2010-3009
  • Platform: Cross Platform
  • Title: HP System Management Homepage Unspecified Information Disclosure
  • Description: HP System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. The application is exposed to an unspecified remote information disclosure issue. HP System Management Homepage versions 6.0 and 6.1 running on Linux (x86 and AMD64/EM64T) are vulnerable.
  • Ref: http://www.securityfocus.com/bid/43208

  • 10.38.28 - CVE: CVE-2010-3069
  • Platform: Cross Platform
  • Title: Samba SID Parsing Remote Buffer Overflow Issue
  • Description: Samba is a suite of software that provides file and print services for "SMB/CIFS" clients. Samba is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. The issue occurs in "sid_parse()" and "dom_sid_parse()" functions when parsing the binary representation of a Windows SID. Samba versions prior to 3.5.5 are affected.
  • Ref: http://www.securityfocus.com/bid/43212

  • 10.38.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Domino iCalendar Remote Stack Buffer Overflow
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. IBM Lotus Domino versions prior to 8.0.2 Fix Pack 5, 8.5.1 Fix Pack 2, and 8.5.2 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21446515

  • 10.38.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Sametime Connect Web Container Unspecified Issue
  • Description: IBM Lotus Sametime Connect is a communication and collaboration application. IBM Lotus Sametime Connect is exposed to an unspecified vulnerability that affects the web container. The impact of this issue is currently unknown. We will update this BID when more information emerges. IBM Lotus Sametime Connect versions prior to 8.5.1 Cumulative Fix pack 1 (CF1) are affected.
  • Ref: http://www.securityfocus.com/bid/43220

  • 10.38.31 - CVE: CVE-2010-3171
  • Platform: Cross Platform
  • Title: Mozilla Firefox "Math.random()" Cross Domain Information Disclosure Issue
  • Description: Firefox is a browser available for multiple platforms. Mozilla Firefox is exposed to a cross domain information disclosure issue. Specifically, this issue affects the "Math.random()" PRNG scope and seeding implementation. "Math.random()" PRNG values and states could be disclosed across domains, making it possible to reconstruct the values and states.
  • Ref: http://www.mozilla.org/security/announce/

  • 10.38.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Invision Power Board BBCode Cross-Site Scripting
  • Description: Invision Power Board is a content management application. Invision Power Board is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. This issue is related to BBCode in the "admin/sources/classes/bbcode/custom/defaults.php" source file. Invision Power Board version 3.1.2 is affected.
  • Ref: http://community.invisionpower.com/topic/320838-ipboard-31x-security-patch-released/

  • 10.38.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Beehive Forum Multiple Cross-Site Scripting Vulnerabilities
  • Description: Beehive Forum is a PHP-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Beehive Forum version 0.9.1 is affected.
  • Ref: http://pridels-team.blogspot.com/2010/09/open-classifieds-version-1702-xss-vuln.html

  • 10.38.34 - CVE: CVE-2010-2366
  • Platform: Web Application - Cross Site Scripting
  • Title: Futomi CGI Cafe Access Analyzer CGI Cross-Site Scripting
  • Description: Futomi CGI Cafe Access Analyzer CGI is a web application. It is implemented in Perl and is available for a number of operating systems. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Access Analyzer CGI Professional version and Access Analyzer CGI Standard versions 4.0.2 and earlier are affected.
  • Ref: http://jvn.jp/en/jp/JVN35605523/index.html

  • 10.38.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetArt Media Car Portal "y" Parameter Cross-Site Scripting
  • Description: Car Portal is a web-based portal for automobile classifieds. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "y" parameter in the "include/images.php" script. NetArt Media Car Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/43145

  • 10.38.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Open Classifieds Multiple Cross-Site Scripting Vulnerabilities
  • Description: Open Classifieds is an open source script for classifieds, advertisements, or listings. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Open Classifieds version 1.7.0.2 is affected.
  • Ref: http://pridels-team.blogspot.com/2010/09/open-classifieds-version-1702-xss-vuln.html

  • 10.38.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GNU Mailman Multiple Cross-Site Scripting Vulnerabilities
  • Description: GNU Mailman is an open source email discussion and e-news list management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize undisclosed input to affected scripts and parameters. GNU Mailman version 2.1.13 (prior to September 9th, 2010) is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=631881

  • 10.38.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Nuke "article.asp" SQL Injection
  • Description: ASP Nuke is a content management system implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleid" parameter of the "article.asp" script before using it in an SQL query. ASP Nuke version 0.80 is affected.
  • Ref: http://www.securityfocus.com/bid/43165

  • 10.38.39 - CVE: Not Available
  • Platform: Web Application
  • Title: CubeCart Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: CubeCart is a web-based e-commerce application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. CubeCart version 4.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/43114

  • 10.38.40 - CVE: Not Available
  • Platform: Web Application
  • Title: Symphony SQL Injection and HTML Injection Issue
  • Description: Symphony is a PHP-based content manager. The application is exposed to multiple security issues because it fails to sufficiently sanitize user-supplied data. Symphony version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/43180

  • 10.38.41 - CVE: CVE-2010-3034, CVE-2010-3033, CVE-2010-2843, CVE-2010-2842, CVE-2010-0575
  • Platform: Network Device
  • Title: Cisco Wireless LAN Controller Multiple Issues
  • Description: Cisco Wireless LAN Controller is used to control various wireless LAN functions. Cisco Wireless LAN Controller is exposed to multiple security bypass issues. These issues occur because the device allows unauthenticated users to bypass policies that should be enforced by CPU-based access control lists (ACL).
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml

  • 10.38.42 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia E72 Keyboard Password Validation Authentication Bypass
  • Description: Nokia E72 is a smart phone. Nokia E72 is exposed to an authentication bypass issue that occurs because the device's keyboard lock has a small delay when validating the password.
  • Ref: http://www.securityfocus.com/archive/1/513677

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.