Vulnerability Summary for the Week of January 25, 2010

Released: Feb 01, 2010
Document ID: SB10-032

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| a3malnet -- magic-portal | SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2010-01-28 | 7.5 | CVE-2010-0457, XF, MISC, MISC |
| cisco -- unified_meetingplace | Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. | 2010-01-28 | 9.0 | CVE-2010-0139, CISCO |
| cisco -- unified_meetingplace | Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661. | 2010-01-28 | 10.0 | CVE-2010-0140, CISCO |
| cisco -- unified_meetingplace | MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. | 2010-01-28 | 8.5 | CVE-2010-0142, CISCO |
| embarcadero -- interbase_smp_2009 | Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-01-26 | 10.0 | CVE-2010-0391, BID, SECUNIA, OSVDB |
| fabricadigital -- publique | SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 2010-01-28 | 7.5 | CVE-2010-0454, BUGTRAQ, SECUNIA, MISC, OSVDB |
| indianpulses -- com_gameserver | SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. | 2010-01-28 | 7.5 | CVE-2010-0456, XF, BID, BID, MISC |
| intel -- e1000; linux -- kernel; linux -- kernel | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. | 2010-01-26 | 7.1 | CVE-2010-0006, CONFIRM, BID, OSVDB, MLIST, CONFIRM, CONFIRM, SECUNIA, SECUNIA, MLIST, FEDORA, CONFIRM, MISC, CONFIRM |
| linux -- kernel; redhat -- enterprise_linux | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | 2010-01-27 | 7.8 | CVE-2009-4272, REDHAT, CONFIRM, XF, MLIST, MLIST, CONFIRM, CONFIRM, CONFIRM |
| netart_media -- blog_system | Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php log.php and the (2) note parameter to b. | 2010-01-28 | 7.5 | CVE-2010-0458, XF, BID, MISC, MISC |
| phpf1 -- max's_image_uploader | Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information. | 2010-01-26 | 9.3 | CVE-2010-0390, MISC, SECUNIA, OSVDB |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. | 2010-01-25 | 9.3 | CVE-2009-4241, MISC, VUPEN, CONFIRM |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation. | 2010-01-25 | 9.3 | CVE-2009-4242, MISC, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." | 2010-01-25 | 9.3 | CVE-2009-4243, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. | 2010-01-25 | 9.3 | CVE-2009-4244, MISC, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to have an unspecified impact via a compressed GIF file. | 2010-01-25 | 9.3 | CVE-2009-4245, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. | 2010-01-25 | 9.3 | CVE-2009-4246, MISC, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allow remote attackers to have an unspecified impact via a crafted ASM RuleBook, related to an "array overflow." | 2010-01-25 | 9.3 | CVE-2009-4247, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to have an unspecified impact via a crafted RTSP SET_PARAMETER request. | 2010-01-25 | 9.3 | CVE-2009-4248, VUPEN, CONFIRM, SECTRACK |
| realnetworks -- helix_player; realnetworks -- realplayer; realnetworks -- realplayer_enterprise; realnetworks -- realplayer_sp | Heap-based buffer overflow in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. | 2010-01-25 | 9.3 | CVE-2009-4257, MISC, VUPEN, CONFIRM, SECTRACK |
| sun -- java_system_web_server | Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header. | 2010-01-25 | 7.5 | CVE-2010-0387, XF, BID, SECTRACK, MLIST, MISC |
| sun -- java_system_web_server | Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request. | 2010-01-25 | 7.5 | CVE-2010-0388, XF, BID, MISC |
| sun -- change_manager | Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. | 2010-01-28 | 10.0 | CVE-2003-1576, SUNALERT, CONFIRM |
| sun -- storedge_6130_arrays | Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors. | 2010-01-28 | 7.5 | CVE-2005-4885, SUNALERT |
| systemtap -- systemtap | stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | 2010-01-26 | 10.0 | CVE-2009-4273, CONFIRM, FEDORA |
| thegreenbow -- ipsec_vpn_client | Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2." | 2010-01-26 | 9.3 | CVE-2010-0392, CONFIRM, MISC |
| yoflash -- com_mochigames | SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 2010-01-28 | 7.5 | CVE-2010-0459, XF, BID, MISC, MISC |



Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- tomcat | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. | 2010-01-28 | 5.8 | CVE-2009-2693, VUPEN, CONFIRM, CONFIRM, CONFIRM |
| apache -- tomcat | The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. | 2010-01-28 | 4.3 | CVE-2009-2901, VUPEN, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apache -- tomcat | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. | 2010-01-28 | 4.3 | CVE-2009-2902, XF, BID, BUGTRAQ, SECTRACK, SECUNIA |
| cisco -- unified_meetingplace | MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. | 2010-01-28 | 6.4 | CVE-2010-0141, CISCO |
| gnu -- gzip; gzip -- gzip | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | 2010-01-29 | 6.8 | CVE-2009-2624, CONFIRM, VUPEN, UBUNTU, MANDRIVA, DEBIAN, SECUNIA, SECUNIA, SECUNIA, SUSE, CONFIRM, CONFIRM, MLIST |
| gnu -- gzip; gzip -- gzip | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | 2010-01-29 | 6.8 | CVE-2010-0001, CONFIRM, VUPEN, UBUNTU, REDHAT, OSVDB, MANDRIVA, MANDRIVA, DEBIAN, SECTRACK, SECUNIA, SECUNIA, SECUNIA, SECUNIA, CONFIRM, SUSE, CONFIRM |
| hp -- openview_storage_data_protector | Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified "access" via unknown vectors. | 2010-01-28 | 4.6 | CVE-2009-4183, VUPEN, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| ibm -- lotus_domino_server | The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 2010-01-25 | 4.3 | CVE-2008-7253, CERT-VN, CONFIRM, CONFIRM, CONFIRM |
| ibm -- db2 | Heap-based buffer overflow in IBM DB2 9.7 and 9.7.1 on Linux allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. | 2010-01-28 | 6.5 | CVE-2010-0462, XF, BID, SECTRACK, MISC |
| intel -- e1000; linux -- kernel; linux -- kernel | The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. | 2010-01-26 | 5.4 | CVE-2010-0003, CONFIRM, MLIST, MLIST, CONFIRM, SECUNIA, CONFIRM, FEDORA, CONFIRM |
| joomla -- com_casino | SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. | 2010-01-28 | 6.5 | CVE-2010-0461, XF, BID, MISC, MISC |
| mozilla -- seamonkey; mozilla -- thunderbird | Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | 2010-01-29 | 5.0 | CVE-2009-4629, MISC, CONFIRM |
| mozilla -- seamonkey; mozilla -- thunderbird | Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." | 2010-01-29 | 5.0 | CVE-2009-4630, MISC, MISC |
| oracle -- database_server | Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02. | 2010-01-25 | 6.8 | CVE-2005-4884, CONFIRM |
| punbb -- punbb | Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. | 2010-01-28 | 4.3 | CVE-2010-0455, XF, BID, MISC |
| sun -- java_system_application_server | The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | 2010-01-25 | 4.3 | CVE-2010-0386, SUNALERT |
| sun -- java_system_web_server | The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. | 2010-01-25 | 5.0 | CVE-2010-0389, MISC |
| sun -- iplanet_messaging_server; sun -- one_messaging_server | Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 2010-01-28 | 4.3 | CVE-2004-2765, SUNALERT, CONFIRM |
| sun -- iplanet_messaging_server; sun -- one_messaging_server | Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. | 2010-01-28 | 4.3 | CVE-2004-2766, SUNALERT, CONFIRM |
| symantec -- vxfs | VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | 2010-01-28 | 4.6 | CVE-2003-1575, SUNALERT, CONFIRM |
| tor -- tor | Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. | 2010-01-25 | 5.0 | CVE-2010-0383, BID, SECUNIA, MLIST, MLIST, MLIST, MLIST |
| tor -- tor | Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. | 2010-01-25 | 5.0 | CVE-2010-0385, BID, OSVDB, SECUNIA, MLIST, MLIST |



Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| kayako -- esupport; kayako -- supportsuite | Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information. | 2010-01-28 | 3.5 | CVE-2010-0460, XF, BID, BUGTRAQ, SECUNIA, MISC, OSVDB |
| linux -- kernel; redhat -- enterprise_linux | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | 2010-01-27 | 1.9 | CVE-2009-3556, REDHAT, CONFIRM, XF, MLIST |
| tor -- tor | Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files. | 2010-01-25 | 2.1 | CVE-2010-0384, MLIST |
