
Bulletin (SB10-256)

Vulnerability Summary for the Week of September 6, 2010

Original release date: September 13, 2010 | Last revised: November 06, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- shockwave_player
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both. 2010-09-07 9.3 CVE-2010-2874
CONFIRM
VUPEN
SECTRACK
adobe -- acrobat
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.3.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TTF font in a PDF document, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. 2010-09-09 9.3 CVE-2010-2883
CONFIRM
SECUNIA
MISC
apple -- webkit
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. 2010-09-09 9.3 CVE-2010-1781
CONFIRM
APPLE
apple -- iphone_os
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. 2010-09-09 10.0 CVE-2010-1809
CONFIRM
APPLE
apple -- imageio
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. 2010-09-09 9.3 CVE-2010-1811
CONFIRM
APPLE
apple -- webkit
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. 2010-09-09 9.3 CVE-2010-1812
CONFIRM
APPLE
apple -- webkit
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. 2010-09-09 9.3 CVE-2010-1813
CONFIRM
APPLE
apple -- webkit
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. 2010-09-09 9.3 CVE-2010-1814
CONFIRM
APPLE
apple -- webkit
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. 2010-09-09 9.3 CVE-2010-1815
CONFIRM
APPLE
apple -- imageio
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. 2010-09-09 9.3 CVE-2010-1817
CONFIRM
APPLE
diy-cms -- diy-cms
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php. 2010-09-03 7.5 CVE-2010-3206
XF
EXPLOIT-DB
MISC
gnome -- power_manager
gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. 2010-09-07 7.2 CVE-2006-7240
CONFIRM
gnome -- power_manager
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. 2010-09-07 7.2 CVE-2009-4997
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue. 2010-09-07 9.3 CVE-2010-3249
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2010-09-07 10.0 CVE-2010-3252
CONFIRM
CONFIRM
google -- chrome
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2010-09-07 10.0 CVE-2010-3253
CONFIRM
CONFIRM
google -- chrome
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2010-09-07 10.0 CVE-2010-3254
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2010-09-07 9.3 CVE-2010-3255
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly perform focus handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue. 2010-09-07 9.3 CVE-2010-3257
CONFIRM
CONFIRM
google -- chrome
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. 2010-09-07 9.3 CVE-2010-3258
CONFIRM
CONFIRM
hp -- operations_agent
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors. 2010-09-08 7.5 CVE-2010-3004
SECUNIA
HP
HP
hp -- data_protector_express
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. 2010-09-09 7.2 CVE-2010-3007
HP
HP
jextn -- com_jefaqpro
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. 2010-09-03 7.5 CVE-2010-3211
XF
EXPLOIT-DB
SECUNIA
linux -- kernel
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. 2010-09-03 7.2 CVE-2010-2240
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
SECTRACK
CONFIRM
linux -- kernel
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. 2010-09-07 7.8 CVE-2010-2248
BID
REDHAT
CONFIRM
MLIST
MLIST
CONFIRM
SECTRACK
CONFIRM
linux -- kernel
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. 2010-09-07 10.0 CVE-2010-2521
REDHAT
CONFIRM
BID
MLIST
MLIST
CONFIRM
SECTRACK
CONFIRM
linux -- kernel
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. 2010-09-08 10.0 CVE-2010-2495
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernel
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. 2010-09-08 7.2 CVE-2010-2798
CONFIRM
CONFIRM
BID
MLIST
MLIST
CONFIRM
SECTRACK
linux -- kernel
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. 2010-09-08 7.2 CVE-2010-2959
CONFIRM
CONFIRM
BID
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
linux -- kernel
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. 2010-09-08 7.2 CVE-2010-2960
CONFIRM
XF
BID
MLIST
MISC
SECTRACK
SECUNIA
martin_lee -- multi-lingual_e-commerce_system
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/. 2010-09-03 7.5 CVE-2010-3210
XF
EXPLOIT-DB
MISC
microsoft -- windows_2003_server
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors. 2010-09-07 7.2 CVE-2010-2739
VUPEN
MISC
SECUNIA
CONFIRM
mozilla -- firefox
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. 2010-09-09 9.3 CVE-2010-2760
CONFIRM
CONFIRM
mozilla -- firefox
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. 2010-09-09 9.3 CVE-2010-2765
CONFIRM
CONFIRM
mozilla -- firefox
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. 2010-09-09 9.3 CVE-2010-2766
CONFIRM
CONFIRM
mozilla -- firefox
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." 2010-09-09 9.3 CVE-2010-2767
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. 2010-09-09 9.3 CVE-2010-2770
CONFIRM
CONFIRM
mozilla -- firefox
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. 2010-09-09 9.3 CVE-2010-3166
CONFIRM
CONFIRM
mozilla -- firefox
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." 2010-09-09 9.3 CVE-2010-3167
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. 2010-09-09 9.3 CVE-2010-3168
CONFIRM
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2010-09-09 9.3 CVE-2010-3169
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
novell -- opensuse
** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. 2010-09-03 7.2 CVE-2010-2532
CONFIRM
MISC
CONFIRM
MLIST
MLIST
SUSE
pecio-cms -- pecio_cms
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/. 2010-09-03 7.5 CVE-2010-3204
XF
EXPLOIT-DB
MISC
MISC
seagullproject.org -- seagull
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php. 2010-09-03 7.5 CVE-2010-3209
XF
EXPLOIT-DB
MISC
seagullproject.org -- seagull
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO. 2010-09-03 7.5 CVE-2010-3212
XF
EXPLOIT-DB
SECUNIA
MISC
OSVDB
textpattern -- textpattern
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. 2010-09-03 7.5 CVE-2010-3205
XF
EXPLOIT-DB
MISC
xfce -- xfce
** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. 2010-09-07 7.2 CVE-2009-4996
MISC
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. 2010-09-09 5.8 CVE-2010-1810
CONFIRM
APPLE
blackboard -- transact_suite
BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field. 2010-09-07 4.6 CVE-2010-3244
CERT-VN
MISC
galeriashqip -- galeriashqip
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information. 2010-09-03 6.8 CVE-2010-3207
XF
MISC
EXPLOIT-DB
SECUNIA
MISC
OSVDB
google -- chrome
Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors. 2010-09-07 4.3 CVE-2010-3246
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences. 2010-09-07 4.3 CVE-2010-3247
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors. 2010-09-07 5.0 CVE-2010-3248
CONFIRM
CONFIRM
google -- chrome
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors. 2010-09-07 5.0 CVE-2010-3250
CONFIRM
CONFIRM
google -- chrome
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. 2010-09-07 4.3 CVE-2010-3251
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Google Chrome before 6.0.472.53 does not properly restrict read access to images, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information via unspecified vectors. 2010-09-07 4.3 CVE-2010-3259
CONFIRM
CONFIRM
hp -- operations_agent
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors. 2010-09-08 6.8 CVE-2010-3005
SECUNIA
HP
HP
linux -- kernel
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. 2010-09-03 4.9 CVE-2010-2954
CONFIRM
XF
VUPEN
MLIST
CONFIRM
MISC
SECUNIA
MLIST
CONFIRM
linux -- kernel
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. 2010-09-08 4.7 CVE-2009-4895
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernel
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. 2010-09-08 4.9 CVE-2010-2492
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. 2010-09-08 4.4 CVE-2010-2524
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
microsoft -- outlook_web_access
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. 2010-09-07 6.8 CVE-2010-3213
XF
BID
EXPLOIT-DB
MISC
mozilla -- firefox
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. 2010-09-09 6.8 CVE-2010-2762
CONFIRM
CONFIRM
mozilla -- firefox
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. 2010-09-09 4.3 CVE-2010-2763
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. 2010-09-09 4.3 CVE-2010-2764
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. 2010-09-09 4.3 CVE-2010-2768
CONFIRM
CONFIRM
mozilla -- firefox
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. 2010-09-09 4.3 CVE-2010-2769
CONFIRM
CONFIRM
novell -- suse_lifecycle_management_server
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect. 2010-09-03 4.3 CVE-2010-1325
CONFIRM
XF
BID
CONFIRM
SUSE
novell -- suse_linux
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key. 2010-09-03 5.0 CVE-2010-1507
CONFIRM
CONFIRM
BID
CONFIRM
SUSE
phpmyadmin -- phpmyadmin
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. 2010-09-08 4.3 CVE-2010-2958
VUPEN
CONFIRM
CONFIRM
MLIST
SECUNIA
rsa -- access_manager_agent
Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors. 2010-09-09 5.7 CVE-2010-3017
BUGTRAQ
rsa -- access_manager_server
RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. 2010-09-09 4.3 CVE-2010-3018
BUGTRAQ
twiki -- twiki
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339. 2010-09-07 6.8 CVE-2009-4898
MLIST
MLIST
CONFIRM
wiccle -- wiccle_web_builder
Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information. 2010-09-03 4.3 CVE-2010-3208
XF
MISC
SECUNIA
OSVDB
xmlswf -- com_picsell
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. 2010-09-03 5.0 CVE-2010-3203
EXPLOIT-DB
SECUNIA
zope -- zope
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. 2010-09-08 4.3 CVE-2010-3198
MLIST
CONFIRM
CONFIRM
CONFIRM
VUPEN
BID

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
blackboard -- transact_suite
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. 2010-09-07 2.1 CVE-2010-3245
CERT-VN
MISC
google -- chrome
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors. 2010-09-07 2.6 CVE-2010-3256
CONFIRM
CONFIRM
linux -- kernel
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. 2010-09-03 1.9 CVE-2010-2226
CONFIRM
BID
CONFIRM
MLIST
MLIST
CONFIRM
MLIST
MLIST
linux -- kernel
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. 2010-09-08 1.9 CVE-2010-2066
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernel
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. 2010-09-08 1.9 CVE-2010-2803
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. 2010-09-08 3.3 CVE-2010-2955
CONFIRM
MISC
CONFIRM
MLIST
SECUNIA
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC
mantisbt -- mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments. 2010-09-07 3.5 CVE-2010-2802
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
novell -- identity_manager
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. 2010-09-08 2.1 CVE-2010-3264
VUPEN
CONFIRM
SECUNIA
s9y -- serendipity
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-10 2.6 CVE-2010-2957
CONFIRM
MLIST
MLIST
MISC