Official website of the Department of Homeland Security

Bulletin (SB10-046)

Vulnerability Summary for the Week of February 8, 2010

Original release date: February 15, 2010 | Last revised: November 01, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
baalsystems -- baal_systems
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. 2010-02-11 7.5 CVE-2010-0611
XF
BID
MISC
MISC
cisco -- ironport_encryption_appliance
cisco -- ironport_postx
Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921. 2010-02-11 7.8 CVE-2010-0143
CISCO
cisco -- ironport_encryption_appliance
cisco -- ironport_postx
Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922. 2010-02-11 7.8 CVE-2010-0144
CISCO
cisco -- ironport_encryption_appliance
cisco -- ironport_postx
Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923. 2010-02-11 10.0 CVE-2010-0145
CISCO
dmanager -- documentmanager
Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights. 2010-02-11 7.5 CVE-2010-0612
CONFIRM
ffmpeg -- ffmpeg
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption. 2010-02-09 9.3 CVE-2009-4631
MISC
MISC
MISC
ffmpeg -- ffmpeg
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. 2010-02-09 10.0 CVE-2009-4633
MISC
MISC
ffmpeg -- ffmpeg
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. 2010-02-09 10.0 CVE-2009-4634
MISC
MISC
ffmpeg -- ffmpeg
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. 2010-02-09 9.3 CVE-2009-4635
MISC
MISC
ffmpeg -- ffmpeg
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. 2010-02-09 10.0 CVE-2009-4637
MISC
MISC
gnome -- gmime
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. 2010-02-08 7.5 CVE-2010-0409
CONFIRM
gnome -- screensaver
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. 2010-02-11 7.2 CVE-2010-0414
CONFIRM
CONFIRM
UBUNTU
BID
OSVDB
SECUNIA
SECUNIA
FEDORA
CONFIRM
CONFIRM
CONFIRM
gnome -- screensaver
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. 2010-02-11 7.2 CVE-2009-4641
CONFIRM
CONFIRM
UBUNTU
gnome -- screensaver
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. 2010-02-11 7.2 CVE-2009-4642
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hp -- operations_agent
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors. 2010-02-09 10.0 CVE-2010-0444
BID
SECTRACK
OSVDB
HP
HP
hp -- network_node_manager
Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors. 2010-02-11 10.0 CVE-2010-0445
SECUNIA
HP
HP
microsoft -- windows_2000
microsoft -- windows_server_2003
microsoft -- windows_xp
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability." 2010-02-10 9.3 CVE-2010-0016
MS
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability." 2010-02-10 9.3 CVE-2010-0017
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." 2010-02-10 9.0 CVE-2010-0020
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." 2010-02-10 7.1 CVE-2010-0021
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." 2010-02-10 7.8 CVE-2010-0022
MS
microsoft -- windows_2000
microsoft -- windows_server_2003
microsoft -- windows_xp
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0028
MS
microsoft -- powerpoint
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0029
MS
microsoft -- powerpoint
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0030
MS
microsoft -- office
microsoft -- powerpoint
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability." 2010-02-10 9.3 CVE-2010-0031
MS
microsoft -- powerpoint
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." 2010-02-10 9.3 CVE-2010-0032
MS
microsoft -- powerpoint
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0033
MS
microsoft -- powerpoint
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0034
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." 2010-02-10 10.0 CVE-2010-0231
MS
microsoft -- windows_2000
microsoft -- windows_server_2003
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." 2010-02-10 7.2 CVE-2010-0233
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability." 2010-02-10 10.0 CVE-2010-0239
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability." 2010-02-10 10.0 CVE-2010-0240
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability." 2010-02-10 10.0 CVE-2010-0241
MS
microsoft -- windows_server_2008
microsoft -- windows_vista
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability." 2010-02-10 7.8 CVE-2010-0242
MS
microsoft -- office
Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." 2010-02-10 10.0 CVE-2010-0243
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via a crafted AVI file, aka "DirectShow Heap Overflow Vulnerability." 2010-02-10 9.3 CVE-2010-0250
MS
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_server_2008
microsoft -- windows_vista
microsoft -- windows_xp
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability." 2010-02-10 9.3 CVE-2010-0252
MS
myshell -- evalsmsi
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions. 2010-02-11 7.5 CVE-2010-0614
XF
BID
BUGTRAQ
OSVDB
MISC
SECUNIA
MISC
myshell -- evalsmsi
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability. 2010-02-11 7.5 CVE-2010-0616
BID
BUGTRAQ
OSVDB
MISC
SECUNIA
MISC
netbsd -- netbsd
Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c). 2010-02-08 7.8 CVE-2010-0561
SECTRACK
BID
SECUNIA
OSVDB
OSVDB
NETBSD
novaboard -- novaboard
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action. 2010-02-11 7.5 CVE-2010-0608
BID
OSVDB
MISC
SECUNIA
MISC
novaboard -- novaboard
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-02-11 7.5 CVE-2010-0609
OSVDB
SECUNIA
osticket -- osticket
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. 2010-02-11 7.5 CVE-2010-0605
CONFIRM
panda -- panda_activescan
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method. 2010-02-11 9.3 CVE-2009-3735
CERT-VN
VUPEN
BID
MS
MISC
SECUNIA
webguerilla -- com_photoblog
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. 2010-02-11 7.5 CVE-2010-0610
XF
BID
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
arwscripts -- fonts_script
Directory traversal vulnerability in viewfile.php in ARWScripts Fonts Script allows remote attackers to read arbitrary local files via directory traversal sequences in a base64-encoded f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-02-11 5.0 CVE-2010-0613
SECUNIA
eric_raymond -- fetchmail
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping. 2010-02-08 6.8 CVE-2010-0562
VUPEN
SECTRACK
BID
CONFIRM
SECUNIA
OSVDB
CONFIRM
ffmpeg -- ffmpeg
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. 2010-02-09 5.8 CVE-2009-4632
MISC
MISC
ffmpeg -- ffmpeg
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. 2010-02-09 4.3 CVE-2009-4636
MISC
ffmpeg -- ffmpeg
Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. 2010-02-09 4.3 CVE-2009-4638
MISC
MISC
ffmpeg -- ffmpeg
The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. 2010-02-09 4.3 CVE-2009-4639
CONFIRM
MISC
MISC
ffmpeg -- ffmpeg
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. 2010-02-09 4.3 CVE-2009-4640
MISC
MISC
ibm -- websphere_application_server
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. 2010-02-08 5.0 CVE-2010-0563
CONFIRM
intel -- intel_desktop_board
Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, DH, DP, and DQ Series allows local administrators to execute arbitrary code in System Management Mode (SMM) via unknown attack vectors. 2010-02-08 4.6 CVE-2010-0560
VUPEN
CONFIRM
SECUNIA
OSVDB
microsoft -- windows_2000
microsoft -- windows_2003_server
microsoft -- windows_xp
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." 2010-02-10 6.9 CVE-2010-0023
MS
microsoft -- windows_server_2008
The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability." 2010-02-10 4.0 CVE-2010-0026
MS
microsoft -- windows_2000
microsoft -- windows_server_2003
microsoft -- windows_server_2008
The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability." 2010-02-10 6.3 CVE-2010-0035
MS
myshell -- evalsmsi
Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continue_assess action. NOTE: some of these details are obtained from third party information. 2010-02-11 4.3 CVE-2010-0615
XF
BID
BUGTRAQ
OSVDB
MISC
SECUNIA
MISC
myshell -- evalsmsi
Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-02-11 4.3 CVE-2010-0617
XF
OSVDB
SECUNIA
nanosleep -- trac-git
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command. 2010-02-09 6.8 CVE-2010-0394
XF
BID
DEBIAN
SECUNIA
OSVDB
CONFIRM
osticket -- osticket
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. 2010-02-11 4.3 CVE-2010-0606
CONFIRM
otrs -- otrs
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2010-02-09 6.5 CVE-2010-0438
BID
CONFIRM
OSVDB
CONFIRM
SECUNIA
CONFIRM
CONFIRM
sterlitetechnologies -- sam300_ax_router
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter. 2010-02-11 4.3 CVE-2010-0607
SECUNIA
MISC
OSVDB
FULLDISC
systemtap -- systemtap
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. 2010-02-08 4.9 CVE-2010-0411
CONFIRM
BID
CONFIRM
CONFIRM
SECUNIA
MLIST
trendmicro -- officescan
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0. 2010-02-09 5.0 CVE-2010-0564
VUPEN
tuxfamily -- chrony
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563. 2010-02-08 6.4 CVE-2010-0292
BID
tuxfamily -- chrony
The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets. 2010-02-08 5.0 CVE-2010-0293
CONFIRM
BID
DEBIAN
SECUNIA
SECUNIA
CONFIRM
CONFIRM
tuxfamily -- chrony
chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. 2010-02-08 5.0 CVE-2010-0294
BID
CONFIRM

Low Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
sun -- cluster
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file. 2010-02-08 1.9 CVE-2003-1588
SUNALERT

This product is provided subject to this Notification and this Privacy & Use policy.
