U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB11-178)

Vulnerability Summary for the Week of June 20, 2011

Original release date: June 27, 2011 | Last revised: February 06, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
phpnuke -- php-nukeSQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.2011-06-207.5CVE-2011-1480
rockwell -- automation_rslinx_classicBuffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.2011-06-229.3CVE-2011-2530
simplemachines -- smfSSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.2011-06-2010.0CVE-2011-1127
simplemachines -- smfThe loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.2011-06-207.5CVE-2011-1128
simplemachines -- smfSimple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.2011-06-207.5CVE-2011-1130
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
brad_fitzpatrick -- djabberdDJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-205.0CVE-2011-1757
brad_fitzpatrick -- djabberdXMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.2011-06-224.0CVE-2011-2206
citadel -- citadelmodules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-205.0CVE-2011-1756
freedesktop -- dbusThe _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.2011-06-224.6CVE-2011-2200
freedesktop -- dbusThe configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.2011-06-224.4CVE-2011-2533
jabber -- jabberd2jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-205.0CVE-2011-1755
jabberd -- jabberd14jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-205.0CVE-2011-1754
kbs -- weblygoCross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2011-06-224.3CVE-2011-1330
linux -- kernelThe econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.2011-06-225.0CVE-2011-1173
linux -- kernelBuffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '?' character.2011-06-224.0CVE-2011-2534
matthewwild -- luaexpatLuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-204.3CVE-2011-2188
phpnuke -- php-nukeMultiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.2011-06-204.3CVE-2011-1481
phpnuke -- php-nukeMultiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.2011-06-206.8CVE-2011-1482
process-one -- ejabberdexpat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-205.0CVE-2011-1753
prosody -- prosodyProsody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2011-06-225.0CVE-2011-2205
prosody -- prosodyProsody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.2011-06-224.3CVE-2011-2531
prosody -- prosodyThe json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.2011-06-225.0CVE-2011-2532
simplemachines -- smfThe PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.2011-06-205.0CVE-2011-1131
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
linux -- kernelnet/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '?' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.2011-06-222.1CVE-2011-1170
linux -- kernelnet/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '?' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.2011-06-222.1CVE-2011-1171
linux -- kernelnet/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '?' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.2011-06-222.1CVE-2011-1172
simplemachines -- smfCross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.2011-06-203.5CVE-2011-1129
Back to top




 

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top