
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 44
October 28, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

Category                                  # of Updates & Vulnerabilities
----------------------------------------  ------------------------------
Mac OS                                    1
Linux                                     1
Novell                                    1
Cross Platform                            21 (#1, #2, #3)
Web Application - Cross Site Scripting    3
Web Application - SQL Injection           3
Web Application                           3

******************** Sponsored By Sourcefire, Inc. *****************

Free Next Gen IPS Analyst Briefing

Key industry analysts are saying that the future of information security is context aware and adaptive. What does that mean to you? What should you be considering as you replace your static security infrastructure? Why is it important to have application, identity, and content awareness? Find out in a free research briefing.

http://www.sans.org/info/66353
******************************************************************

TRAINING UPDATE

New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10):
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

-- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010
6 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security and Examining the Global Underground of Malicious Actors
http://www.sans.org/chicago-2010/night.php

-- SANS San Francisco 2010, November 5-12, 2010
7 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security
http://www.sans.org/san-francisco-2010/

-- SANS London 2010, November 27-December 6, 2010
14 courses. Bonus evening presentations include Latest Advances in Computer Forensics and Continuous Vulnerability Testing and Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/

-- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010
24 courses. Bonus evening presentations include Browser Based Defenses; Continuous Vulnerability Testing and Remediation: the 20 Critical Security Controls Perspective; and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/

-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments and Future Trends in Network Security
http://www.sans.org/security-east-2011/

-- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus San Antonio, Sydney, Geneva, Tokyo, Manama and Muscat all in the next 90 days.
For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
*********************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

*********************** Sponsored Link: **************************

1) The SANS WhatWorks Incident Detection and Log Management Summit will also focus on which logging configurations capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you to quickly isolate and repair affected systems after an intrusion. Register at http://www.sans.org/info/66358 ******************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

Widely Deployed Software
  • (1) HIGH: Adobe Acrobat, Reader and Flash Remote Code Execution Vulnerability
  • Affected:
    • Adobe Flash Player 10.1.85.3 and prior for Windows, Mac OS X, Linux, and Solaris
    • Adobe Flash Player 10.1.95.2 and prior for Android
    • Adobe Reader 9.4 and prior for Windows, Mac OS X, and Unix
    • Adobe Acrobat 9.4 and prior for Windows and Mac OS X
  • Description: A 0-day vulnerability affecting multiple Adobe products is being actively exploited in the wild, according to Adobe. Adobe plans to release an update addressing this vulnerability in early November. To exploit this vulnerability, an attacker must entice a victim to view malicious content; successful exploitation could allow remote code execution.

  • Status: vendor confirmed, updates not available

  • References:
  • (2) HIGH: Mozilla Products Heap Buffer Overflow Mixing document.write and DOM Insertion
  • Affected:
    • Firefox prior to 3.6.12
    • Firefox prior to 3.5.15
    • Thunderbird prior to 3.1.6
    • Thunderbird prior to 3.0.10
    • SeaMonkey prior to 2.0.10
  • Description: The Mozilla Foundation has recently released a patch for a heap buffer overflow vulnerability affecting multiple products, including its Firefox browser. Before the vulnerability was patched, it was used by hackers to infect visitors to the Nobel Prize site. The Norman Malware Detection Team discovered the vulnerability while analyzing the malware. In order to exploit this vulnerability, an attacker must entice the target to visit a malicious site, in this case the infected Nobel Prize site.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2010

Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10402 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.



  • 10.44.3 - CVE: Not Available
  • Platform: Novell
  • Title: Blue Coat ProxyAV Multiple Cross-Site Request Forgery Issues
  • Description: Blue Coat ProxyAV is an enterprise proxy appliance that is used to detect malware at the web gateway. The application is exposed to multiple unspecified cross-site request forgery issues affecting the administrative console. Blue Coat ProxyAV versions prior to 3.2.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/44385

  • 10.44.4 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome Multiple Security Issues
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple security issues. Google Chrome versions prior to 7.0.517.41 are affected.
  • Ref: http://www.securityfocus.com/bid/44241

  • 10.44.5 - CVE: CVE-2010-3160
  • Platform: Cross Platform
  • Title: Archive Decoder "explorer.exe" Executable Loading Arbitrary Code Execution Issue
  • Description: Archive Decoder is an archive extractor. The application is exposed to an issue that lets attackers execute arbitrary code. Archive Decoder version 1.23 is affected.
  • Ref: http://www.securityfocus.com/bid/44244

  • 10.44.6 - CVE: CVE-2010-3178
  • Platform: Cross Platform
  • Title: Mozilla Firefox SeaMonkey Thunderbird Modal Calls Cross-Domain Information Disclosure
  • Description: Firefox is a browser; SeaMonkey is a suite of applications that includes a browser and an email client; Thunderbird is an email client. All three applications are available for multiple platforms. The applications are exposed to a cross-domain information disclosure issue because they fail to enforce the same-origin policy.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-67.html

  • 10.44.7 - CVE: CVE-2010-3159
  • Platform: Cross Platform
  • Title: Explzh Executable Loading Arbitrary Code Execution
  • Description: Explzh is a file compression application. Explzh is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for executable files in the current working directory. Explzh versions prior to 5.68 are affected.
  • Ref: http://www.securityfocus.com/bid/44257

  • 10.44.8 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ubuntu Drupal Theme - Brown Directory Traversal Issue
  • Description: The Ubuntu Drupal Theme - Brown is a theme for the Drupal content manager. The application is exposed to a directory traversal issue because user-supplied input from the URL is not properly sanitized. Ubuntu Drupal Theme - Brown versions prior to 6.x-8.1 and Ubuntu Drupal Theme - Brown 5.x are affected.
  • Ref: http://www.securityfocus.com/bid/44281

  • 10.44.9 - CVE: CVE-2010-3711
  • Platform: Cross Platform
  • Title: Pidgin "libpurple" Multiple Denial of Service Issues
  • Description: Pidgin is a multi-platform instant messaging (IM) client that supports multiple messaging protocols. libpurple is the library that provides its IM functionality. The application is exposed to multiple denial of service issues. Pidgin versions prior to 2.7.4 are affected.
  • Ref: http://www.securityfocus.com/bid/44283

  • 10.44.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player "rcsL" Chunk EAX Register Memory Corruption Issue
  • Description: Adobe Shockwave Player is a multimedia player application. Adobe Shockwave Player is exposed to a remote memory corruption issue because it fails to properly parse "rcsL" chunks of the Director's RIFF based file format. Adobe Shockwave Player version 11.5.8.612 is affected.
  • Ref: http://www.securityfocus.com/bid/44291

  • 10.44.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Linux Kernel "setup_arg_pages()" Denial of Service Issue
  • Description: The Linux kernel is exposed to a denial of service issue because it fails to properly handle user-supplied input. This issue occurs when the "setup_arg_pages()" function in the "fs/exec.c" source file fails to properly validate the size of argument or environment space available on the stack. This issue can be triggered with large "RLIMIT_STACK" values.
  • Ref: http://www.securityfocus.com/bid/44301

  • 10.44.12 - CVE: CVE-2007-6741, CVE-2007-6740, CVE-2007-6739, CVE-2007-6737, CVE-2007-6736
  • Platform: Cross Platform
  • Title: pyftpdlib Security Weakness and Multiple Remote Issues
  • Description: pyftpdlib is a Python FTP server library available for multiple platforms. The library is exposed to multiple remote issues. pyftpdlib versions prior to 0.2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/44322

  • 10.44.13 - CVE: CVE-2008-7262
  • Platform: Cross Platform
  • Title: pyftpdlib Symlink Directory Traversal Issue
  • Description: pyftpdlib is a Python FTP server library available for multiple platforms. pyftpdlib is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/44333

  • 10.44.14 - CVE: CVE-2010-3983, CVE-2010-3982, CVE-2010-3981, CVE-2010-3980, CVE-2010-3979
  • Platform: Cross Platform
  • Title: SAP BusinessObjects Enterprise Multiple Remote Issues
  • Description: SAP BusinessObjects Enterprise is a web-based enterprise information management application. The application is exposed to multiple remote issues. SAP BusinessObjects Enterprise XI version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/44268

  • 10.44.15 - CVE: CVE-2010-2891
  • Platform: Cross Platform
  • Title: libsmi "smiGetNode()" Long OID Remote Buffer Overflow Issue
  • Description: libsmi is a library that provides an interface for SMI MIB modules. The library is exposed to a buffer overflow issue because it fails to properly validate user-supplied input. libsmi version 0.4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/44276

  • 10.44.16 - CVE: CVE-2010-4007
  • Platform: Cross Platform
  • Title: Oracle Mojarra Encrypted View State Oracle Padding Security Issue
  • Description: Oracle Mojarra is a JavaServer Faces (JSF) reference implementation. Oracle Mojarra is exposed to an issue that may allow attackers to modify the encrypted "View State" through padding oracle attacks.
  • Ref: http://www.securityfocus.com/bid/44337

  • 10.44.17 - CVE: CVE-2010-3856
  • Platform: Cross Platform
  • Title: GNU glibc Dynamic Linker "LD_AUDIT" Local Privilege Escalation Issue
  • Description: GNU glibc is the GNU implementation of the C library. GNU glibc is exposed to a local privilege escalation issue. The issue arises because the dynamic linker will run "dlopen()" on arbitrary dynamic shared objects when examining exported symbols. This can be exploited through the "LD_AUDIT" environment variable to execute arbitrary code in the context of the affected applications.
  • Ref: http://www.securityfocus.com/bid/44347

  • 10.44.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Data Protector Media Operations "SignInName" Denial of Service Issue
  • Description: HP Data Protector Media Operations is an application for tracking and managing offline storage media, such as magnetic tapes. HP Data Protector Media Operations is exposed to a denial of service issue. Specifically, the issue occurs in the HTTP Server component of the application when an overly long string is provided to the "SignInName" parameter in a POST request. HP Data Protector Media Operations version 6.11 is affected.
  • Ref: http://www.securityfocus.com/bid/44381

  • 10.44.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NitroView ESM "ess.pm" Remote Command Execution Issue
  • Description: NitroView ESM is a security information and event management system. NitroView ESM is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the web server running on the appliance fails to adequately sanitize user-supplied input passed to the "Request" parameter in the "ess.pm" module. NitroView ESM version 8.4.0a is affected.
  • Ref: http://www.securityfocus.com/bid/44421

  • 10.44.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox 3.5/3.6 Unspecified Remote Code Execution Issue
  • Description: Mozilla Firefox is a browser for various operating systems. Firefox is exposed to an unspecified remote code execution issue. The cause of this issue may be due to a use-after-free error when the browser handles COM object properties; this has not been confirmed. The issue arises when an unsuspecting user visits a malicious website. Firefox versions 3.5.x and 3.6.x are affected.
  • Ref: http://www.securityfocus.com/bid/44425

  • 10.44.21 - CVE: CVE-2010-3990
  • Platform: Cross Platform
  • Title: HP Virtual Server Environment Arbitrary File Download
  • Description: HP Virtual Connect Enterprise Manager is a web-based IT service management application. The application is exposed to an unspecified issue that lets attackers download arbitrary files. HP Virtual Server Environment versions prior to 6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/44428

  • 10.44.22 - CVE: CVE-2010-3987, CVE-2010-4023, CVE-2010-3989, CVE-2010-4024, CVE-2010-3986
  • Platform: Cross Platform
  • Title: HP Insight Control Virtual Machine Management Multiple Security Issues
  • Description: HP Insight Control Virtual Machine Management adds virtual machine management capability within HP Systems Insight Manager (HP SIM). HP Insight Control Virtual Machine Management for Windows is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. HP Insight Control Virtual Machine Management versions prior to 6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/44432

  • 10.44.23 - CVE: CVE-2010-3992
  • Platform: Cross Platform
  • Title: HP Insight Control Server Migration For Windows Data Access Local Privilege Escalation
  • Description: HP Insight Control is used to migrate data and applications from one server to another. HP Insight Control Server Migration for Windows is exposed to a local privilege escalation issue because the application allows unauthorized access to certain data. HP Insight Control Server Migration versions prior to 6.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/514460


  • 10.44.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: sNews "snews.php" Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: sNews is a PHP-based content management application. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. sNews version 1.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/514378

  • 10.44.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Tivoli Access Manager for e-business Multiple Cross-Site Scripting Vulnerabilities
  • Description: IBM Tivoli Access Manager for e-business provides central access control for multiple services and applications in an enterprise environment. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. IBM Tivoli Access Manager for e-business version 6.1.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918

  • 10.44.27 - CVE: CVE-2010-2885
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe RoboHelp Server and RoboHelp Multiple Cross-Site Scripting Issues
  • Description: Adobe RoboHelp Server is an application for serving RoboHelp files using the IIS web server. Adobe RoboHelp is an application for generating online help systems. The applications are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/44167

  • 10.44.28 - CVE: CVE-2009-2013
  • Platform: Web Application - SQL Injection
  • Title: Frontis "source_class" Parameter SQL Injection Issue
  • Description: Frontis is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "source_class" parameter of the "bin/aps_browse_sources.php" script before using it in an SQL query. Frontis version 3.9.01.24 is affected.
  • Ref: http://www.securityfocus.com/bid/44236

  • 10.44.29 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeluxeBB "xthedateformat" Parameter SQL Injection Issue
  • Description: DeluxeBB is a web-based bulletin board implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "xthedateformat" parameter of the "misc.php" script. DeluxeBB version 1.3 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/44259

  • 10.44.30 - CVE: CVE-2009-1766
  • Platform: Web Application - SQL Injection
  • Title: LightOpenCMS "index.php" SQL Injection Issue
  • Description: LightOpenCMS is a web-based application implemented in PHP. LightOpenCMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/44451

  • 10.44.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Best Practical Solutions RT (Request Tracker) ShowConfigTab Security Bypass
  • Description: RT (Request Tracker) is a web-based issue tracking system. RT is exposed to a security bypass issue because it does not properly restrict access, and allows arbitrary users with the "ShowConfigTab" permission to edit the global "RT at a Glance" resource.
  • Ref: http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000169.html

  • 10.44.32 - CVE: Not Available
  • Platform: Web Application
  • Title: S-CMS Multiple Local File Include Vulnerabilities
  • Description: S-CMS is a PHP-based application for content management. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. S-CMS 2.0-Beta3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504184

  • 10.44.33 - CVE: CVE-2009-3191,CVE-2009-3190
  • Platform: Web Application
  • Title: PAD Site Scripts Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: PAD Site Scripts is a set of PHP scripts for maintaining PAD-enabled websites. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. PAD Site Scripts version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/44239

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/