Bulletin (SB11-010)

Vulnerability Summary for the Week of January 3, 2011

Original release date: January 10, 2011 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- adaptive_security_appliance_software
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. 2011-01-07 7.8 CVE-2010-4670
MISC
CONFIRM
MISC
MISC
MISC
cisco -- ios
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. 2011-01-07 7.8 CVE-2010-4671
MISC
CONFIRM
MISC
MISC
MISC
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. 2011-01-07 7.8 CVE-2010-4672
CONFIRM
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. 2011-01-07 7.8 CVE-2010-4673
CONFIRM
cisco -- adaptive_security_appliance_software
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. 2011-01-07 7.8 CVE-2010-4674
CONFIRM
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. 2011-01-07 9.0 CVE-2010-4675
CONFIRM
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. 2011-01-07 7.5 CVE-2010-4678
CONFIRM
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. 2011-01-07 7.8 CVE-2010-4679
CONFIRM
cisco -- adaptive_security_appliance_software
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. 2011-01-07 9.0 CVE-2010-4680
CONFIRM
cisco -- adaptive_security_appliance_software
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. 2011-01-07 7.5 CVE-2010-4681
CONFIRM
cisco -- adaptive_security_appliance_software
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. 2011-01-07 7.8 CVE-2010-4682
CONFIRM
cisco -- ios
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. 2011-01-07 7.8 CVE-2009-5038
CONFIRM
cisco -- ios
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. 2011-01-07 7.8 CVE-2009-5039
CONFIRM
linux -- kernel
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. 2011-01-03 7.8 CVE-2010-3873
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
MLIST
MLIST
linux -- kernel
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. 2011-01-03 7.8 CVE-2010-4164
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
microsoft -- windows_2003_server
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. 2011-01-07 7.8 CVE-2010-4669
MISC
MISC
MISC
MISC
redhat -- evince
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. 2011-01-07 7.6 CVE-2010-2640
CONFIRM
CONFIRM
SECUNIA
videolan -- vlc_media_player
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow. 2011-01-03 9.3 CVE-2010-3907
CONFIRM
CONFIRM
VUPEN
MISC

Medium Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- adaptive_security_appliance_software
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. 2011-01-07 5.0 CVE-2009-5037
MISC
MISC
CONFIRM
cisco -- adaptive_security_appliance_software
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. 2011-01-07 6.8 CVE-2010-4676
CONFIRM
cisco -- adaptive_security_appliance_software
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. 2011-01-07 5.0 CVE-2010-4677
CONFIRM
cisco -- ios
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. 2011-01-07 6.8 CVE-2009-5040
CONFIRM
linux -- kernel
drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation. 2011-01-03 4.0 CVE-2010-3448
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. 2011-01-03 4.7 CVE-2010-4162
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernel
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. 2011-01-03 4.7 CVE-2010-4163
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
linux -- kernel
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. 2011-01-03 4.7 CVE-2010-4668
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
linux -- kernel
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. 2011-01-07 6.9 CVE-2010-4160
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
mantisbt -- mantisbt
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. 2011-01-03 4.3 CVE-2010-4348
CONFIRM
MISC
MLIST
MLIST
CONFIRM
CONFIRM
mantisbt -- mantisbt
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. 2011-01-03 5.0 CVE-2010-4349
CONFIRM
MISC
MLIST
MLIST
CONFIRM
CONFIRM
mantisbt -- mantisbt
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. 2011-01-03 5.1 CVE-2010-4350
CONFIRM
MISC
CONFIRM
MLIST
MLIST
CONFIRM
mhonarc -- mhonarc
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524. 2011-01-03 5.0 CVE-2010-1677
VUPEN
MLIST
CONFIRM
mhonarc -- mhonarc
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences. 2011-01-03 4.3 CVE-2010-4524
CONFIRM
MLIST
MLIST
MLIST
VUPEN
BID
MLIST
CONFIRM
MLIST
CONFIRM
pidgin -- libpurple
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. 2011-01-07 4.0 CVE-2010-4528
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
SECUNIA
wordpress -- wordpress
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. 2011-01-03 4.3 CVE-2010-4536
MLIST
CONFIRM
CONFIRM
VUPEN
SECUNIA

Low Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
linux -- kernel
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. 2011-01-03 1.9 CVE-2010-3875
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernel
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. 2011-01-03 1.9 CVE-2010-3876
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
linux -- kernel
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. 2011-01-03 1.9 CVE-2010-3877
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.
