U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-277)

Vulnerability Summary for the Week of September 27, 2010

Original release date: October 04, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
alex_kellner -- powermail
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2010-09-24 7.5 CVE-2010-3604
CONFIRM
CONFIRM
SECUNIA
google -- chrome
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. 2010-09-24 9.3 CVE-2010-1772
CONFIRM
CONFIRM
VUPEN
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
CONFIRM
CONFIRM
google -- chrome
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r39508, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. 2010-09-24 9.3 CVE-2010-1773
CONFIRM
CONFIRM
VUPEN
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. 2010-09-24 9.3 CVE-2010-1823
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles. 2010-09-24 9.3 CVE-2010-1824
CONFIRM
CONFIRM
CONFIRM
google -- chrome
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. 2010-09-24 9.3 CVE-2010-1825
CONFIRM
CONFIRM
CONFIRM
invisionpower -- ibphotohost
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. 2010-09-24 7.5 CVE-2010-3601
VUPEN
BID
EXPLOIT-DB
MISC
linux -- kernel
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. 2010-09-24 7.2 CVE-2010-3081
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
SUSE
MISC
CONFIRM
MISC
FULLDISC
FULLDISC
wire_plastic_design -- wpquiz
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. 2010-09-24 7.5 CVE-2010-3608
BID
EXPLOIT-DB
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
alex_kellner -- powermail
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-24 4.3 CVE-2010-3605
CONFIRM
CONFIRM
SECUNIA
bzip -- bzip2
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. 2010-09-28 5.1 CVE-2010-0405
CONFIRM
CONFIRM
UBUNTU
UBUNTU
UBUNTU
REDHAT
CONFIRM
SECUNIA
SECUNIA
MLIST
dietrich_ayala -- nusoap
Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes. 2010-09-28 4.3 CVE-2010-3070
CONFIRM
CONFIRM
BID
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
CONFIRM
CONFIRM
CONFIRM
CONFIRM
dovecot -- dovecot
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. 2010-09-24 6.4 CVE-2010-3304
MLIST
BID
MLIST
MLIST
SUSE
freepbx -- freepbx
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. 2010-09-28 6.5 CVE-2010-3490
MISC
BID
BUGTRAQ
MISC
EXPLOIT-DB
google -- chrome
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation. 2010-09-24 6.8 CVE-2010-1767
CONFIRM
BID
CONFIRM
CONFIRM
SECUNIA
OSVDB
CONFIRM
CONFIRM
hp -- system_management_homepage
Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2010-09-24 4.3 CVE-2010-3283
HP
HP
hp -- system_management_homepage
Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors. 2010-09-24 4.3 CVE-2010-3284
HP
HP
hp -- openview_network_node_manager
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors. 2010-09-24 5.0 CVE-2010-3285
HP
HP
libtiff -- libtiff
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. 2010-09-28 6.8 CVE-2010-3087
CONFIRM
CONFIRM
SUSE
netartmedia -- real_estate_portal
Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. 2010-09-24 6.8 CVE-2010-3606
XF
BID
SECUNIA
MISC
OSVDB
netartmedia -- real_estate_portal
Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. 2010-09-24 4.3 CVE-2010-3607
XF
BID
SECUNIA
MISC
OSVDB
pecl-php -- alternative_php_cache
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2010-09-24 4.3 CVE-2010-3294
VUPEN
MLIST
MLIST
MLIST
CONFIRM
php -- php
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. 2010-09-28 6.8 CVE-2010-2950
CONFIRM
CONFIRM
CONFIRM
MISC
SUSE
roundup -- roundup
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. 2010-09-24 4.3 CVE-2010-2491
CONFIRM
BID
MLIST
MLIST
MLIST
SECUNIA
SECUNIA
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
rsa -- authentication_agent_for_web
Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. 2010-09-24 5.0 CVE-2010-3261
BID
BUGTRAQ
salvo_g._tomaselli -- weborf
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI. 2010-09-24 5.0 CVE-2010-3306
CONFIRM
OSVDB
MLIST
MLIST
EXPLOIT-DB
SECUNIA
CONFIRM
sourcetreesolutions -- mojoportal
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information. 2010-09-24 4.3 CVE-2010-3602
CONFIRM
XF
BID
EXPLOIT-DB
SECUNIA
MISC
MISC
OSVDB
sourcetreesolutions -- mojoportal
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. 2010-09-24 6.8 CVE-2010-3603
CONFIRM
XF
EXPLOIT-DB
SECUNIA
MISC
MISC
OSVDB
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
vmware -- player
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. 2010-09-282.1 CVE-2010-3277
VUPEN
CONFIRM
SECTRACK
SECUNIA
MLIST
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top