U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-333)

Vulnerability Summary for the Week of November 22, 2010

Original release date: November 29, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- mod_fcgid
The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does not use bytewise pointer arithmetic in certain circumstances, which has unknown impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite." 2010-11-22 7.2 CVE-2010-3872
CONFIRM
XF
VUPEN
VUPEN
MLIST
SECUNIA
SECUNIA
OSVDB
FEDORA
FEDORA
FEDORA
apple -- safari
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. 2010-11-22 9.3 CVE-2010-3803
CONFIRM
APPLE
apple -- safari
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. 2010-11-22 9.3 CVE-2010-3805
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3808
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3809
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. 2010-11-22 9.3 CVE-2010-3811
CONFIRM
APPLE
apple -- safari
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. 2010-11-22 9.3 CVE-2010-3812
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. 2010-11-22 9.3 CVE-2010-3816
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3817
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. 2010-11-22 9.3 CVE-2010-3818
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3819
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3820
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3821
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3822
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. 2010-11-22 9.3 CVE-2010-3823
CONFIRM
APPLE
apple -- safari
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. 2010-11-22 9.3 CVE-2010-3824
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. 2010-11-22 9.3 CVE-2010-3826
CONFIRM
APPLE
freebsd -- freebsd
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs. 2010-11-22 7.2 CVE-2010-4210
XF
VUPEN
SECTRACK
FREEBSD
SECUNIA
linux -- kernel
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. 2010-11-22 7.8 CVE-2010-3432
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
BID
CONFIRM
novell -- zenworks_handheld_management
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. 2010-11-22 9.3 CVE-2010-4299
FULLDISC
FULLDISC
SECTRACK
CONFIRM
SECUNIA
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- safari
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. 2010-11-22 5.0 CVE-2010-3804
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. 2010-11-22 4.3 CVE-2010-3810
CONFIRM
APPLE
apple -- safari
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to bypass the DNS prefetching setting via an HTML LINK element, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. 2010-11-22 5.8 CVE-2010-3813
CONFIRM
APPLE
linux -- kernel
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. 2010-11-22 4.9 CVE-2010-4165
CONFIRM
CONFIRM
MLIST
MLIST
OSVDB
MLIST
MLIST
CONFIRM
linux -- kernel
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. 2010-11-22 4.9 CVE-2010-4169
CONFIRM
MLIST
MLIST
CONFIRM
XF
BID
CONFIRM
pgp -- desktop_for_mac
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. 2010-11-22 4.3 CVE-2010-3618
CERT-VN
CONFIRM
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top