Bulletin (SB11-073)

Vulnerability Summary for the Week of March 7, 2011

Original release date: March 14, 2011 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- safari
Unspecified vulnerability in WebKit, as used in Apple Safari 5.0.4 on Mac OS X 10.6.6, allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. 2011-03-10 10.0 CVE-2011-1344
google -- chrome
Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors. 2011-03-10 7.5 CVE-2011-1185
google -- chrome
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2011-03-10 7.5 CVE-2011-1188
google -- chrome
Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." 2011-03-10 7.5 CVE-2011-1189
google -- chrome
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs. 2011-03-10 7.5 CVE-2011-1191
google -- chrome
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2011-03-10 7.5 CVE-2011-1193
google -- chrome
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling." 2011-03-10 7.5 CVE-2011-1195
google -- chrome
The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. 2011-03-10 7.5 CVE-2011-1196
google -- chrome
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-03-10 7.5 CVE-2011-1197
google -- chrome
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure." 2011-03-10 7.5 CVE-2011-1198
google -- chrome
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. 2011-03-10 7.5 CVE-2011-1199
google -- chrome
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-03-10 7.5 CVE-2011-1201
google -- chrome
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." 2011-03-10 7.5 CVE-2011-1203
google -- chrome
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2011-03-10 7.5 CVE-2011-1285
google -- chrome
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory. 2011-03-10 7.5 CVE-2011-1286
google -- chrome_os
Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors. 2011-03-08 10.0 CVE-2011-1306
gplhost -- domain_technologie_control
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php. 2011-03-07 7.5 CVE-2011-0434
ibm -- websphere_application_server
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. 2011-03-08 7.5 CVE-2011-1309
ibm -- tivoli_netcool/omnibus
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." 2011-03-09 7.5 CVE-2011-1343
microsoft -- remote_desktop_connection_client
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." 2011-03-09 9.3 CVE-2011-0029
microsoft -- windows_media_center_tv_pack
Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability." 2011-03-09 9.3 CVE-2011-0032
microsoft -- windows_media_center_tv_pack
SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability." 2011-03-09 9.3 CVE-2011-0042
microsoft -- ie
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. 2011-03-10 10.0 CVE-2011-1345
microsoft -- ie
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. 2011-03-10 10.0 CVE-2011-1346
microsoft -- ie
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. 2011-03-10 8.8 CVE-2011-1347
novell -- vibe_onprem
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors. 2011-03-09 10.0 CVE-2011-0464

Medium Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
alcatel-lucent -- omnipcx
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers. 2011-03-08 5.8 CVE-2011-0344
focalmedia.net -- quick_polls
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. 2011-03-09 5.8 CVE-2011-1099
google -- chrome
Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. 2011-03-10 5.0 CVE-2011-1186
google -- chrome
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." 2011-03-10 5.0 CVE-2011-1187
google -- chrome
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." 2011-03-10 5.0 CVE-2011-1190
google -- chrome
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 2011-03-10 5.0 CVE-2011-1192
google -- chrome
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors. 2011-03-10 5.0 CVE-2011-1194
google -- chrome
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. 2011-03-10 6.8 CVE-2011-1200
google -- chrome
Unspecified vulnerability in the XSLT implementation in Google Chrome before 10.0.648.127 allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors. 2011-03-10 5.0 CVE-2011-1202
google -- chrome
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. 2011-03-10 6.8 CVE-2011-1204
google -- chrome
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages. 2011-03-10 5.0 CVE-2011-1413
gplhost -- domain_technologie_control
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request. 2011-03-07 5.0 CVE-2011-0435
gplhost -- domain_technologie_control
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. 2011-03-07 5.0 CVE-2011-0436
gplhost -- domain_technologie_control
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action. 2011-03-07 4.0 CVE-2011-0437
ibm -- websphere_application_server
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2011-03-08 4.3 CVE-2011-1308
ibm -- websphere_application_server
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. 2011-03-08 6.0 CVE-2011-1311
ibm -- websphere_application_server
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. 2011-03-08 4.0 CVE-2011-1312
ibm -- websphere_application_server
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. 2011-03-08 5.0 CVE-2011-1313
ibm -- websphere_application_server
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. 2011-03-08 5.0 CVE-2011-1314
ibm -- websphere_application_server
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. 2011-03-08 5.0 CVE-2011-1315
ibm -- websphere_application_server
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. 2011-03-08 5.0 CVE-2011-1316
ibm -- websphere_application_server
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. 2011-03-08 5.0 CVE-2011-1317
ibm -- websphere_application_server
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. 2011-03-08 5.0 CVE-2011-1318
ibm -- websphere_application_server
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication. 2011-03-08 4.0 CVE-2011-1319
ibm -- websphere_application_server
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. 2011-03-08 6.8 CVE-2011-1320
ibm -- websphere_application_server
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO). 2011-03-08 6.5 CVE-2011-1321
ibm -- websphere_application_server
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. 2011-03-08 5.0 CVE-2011-1322
mozilla -- firefox
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. 2011-03-07 6.8 CVE-2011-0064
symantec -- altiris_deployment_solution
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method. 2011-03-07 6.8 CVE-2009-3028

Low Vulnerabilities

Primary Vendor -- Product
Description Published CVSS Score Source & Patch Info
alcatel-lucent -- omnivista
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. 2011-03-08 3.3 CVE-2011-0345
apple -- mac_os_x
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. 2011-03-04 1.9 CVE-2011-1073
freebsd -- freebsd
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. 2011-03-04 1.9 CVE-2011-1074
hp -- multifunction_peripheral_digital_sending_software
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication. 2011-03-07 2.1 CVE-2011-0279
ibm -- websphere_application_server
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. 2011-03-08 2.1 CVE-2011-1307
ibm -- websphere_application_server
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. 2011-03-08 1.9 CVE-2011-1310