Vulnerability Summary for the Week of October 4, 2010

Released: Oct 11, 2010
Document ID: SB10-284

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| dustincowell -- free_simple_cms | Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter. | 2010-10-05 | 7.5 | CVE-2010-3307, MLIST, MLIST, MISC, SECUNIA |
| google -- chrome | WebKit, as used in Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to have an unknown impact via a malformed SVG document. | 2010-10-04 | 9.3 | CVE-2010-1822, CONFIRM, CONFIRM, CONFIRM |
| google -- chrome | The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. | 2010-10-05 | 9.3 | CVE-2010-3729, CONFIRM, CONFIRM |
| google -- chrome | Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. | 2010-10-05 | 9.3 | CVE-2010-3730, CONFIRM, CONFIRM |
| ibm -- db2 | Buffer overflow in the Administration Server component in IBM DB2 UDB 9.5 before FP6a allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-10-05 | 10.0 | CVE-2010-3731, VUPEN, SECUNIA, CONFIRM |
| ibm -- db2 | The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | 2010-10-05 | 7.2 | CVE-2010-3733, AIXAPAR, CONFIRM |



Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- apr-util | The apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2010-10-04 | 5.0 | CVE-2010-1623, VUPEN, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, VUPEN, BID, MANDRIVA, CONFIRM, CONFIRM, SECUNIA |
| apache -- subversion | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | 2010-10-04 | 6.0 | CVE-2010-3315, CONFIRM, CONFIRM, SECUNIA |
| ibm -- db2 | The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | 2010-10-05 | 5.0 | CVE-2010-3734, AIXAPAR, CONFIRM |
| ibm -- db2 | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | 2010-10-05 | 4.0 | CVE-2010-3736, AIXAPAR, CONFIRM |
| ibm -- db2 | The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | 2010-10-05 | 5.0 | CVE-2010-3738, AIXAPAR, CONFIRM |
| ibm -- db2_universal_database | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 2010-10-05 | 6.4 | CVE-2010-3739, AIXAPAR, CONFIRM |
| ibm -- db2 | The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | 2010-10-05 | 4.0 | CVE-2010-3740, AIXAPAR, CONFIRM |
| linux -- kernel | Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. | 2010-10-04 | 6.6 | CVE-2010-3437, CONFIRM, CONFIRM, BID, MLIST, MLIST, CONFIRM, EXPLOIT-DB, MISC |
| linux -- kernel | Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. | 2010-10-04 | 4.7 | CVE-2010-3442, CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, MLIST, MLIST |
| linux -- kernel | Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. | 2010-10-05 | 6.9 | CVE-2010-2653, CONFIRM, CONFIRM, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, CONFIRM, CONFIRM, MLIST |
| nokia -- qt_creator | Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-04 | 6.9 | CVE-2010-3374, CONFIRM, CONFIRM, VUPEN, VUPEN, BID, MANDRIVA |



Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm -- db2 | The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | 2010-10-05 | 3.5 | CVE-2010-3732, AIXAPAR, CONFIRM |
| ibm -- db2 | The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | 2010-10-05 | 2.1 | CVE-2010-3735, AIXAPAR, CONFIRM |
| ibm -- db2 | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | 2010-10-05 | 3.5 | CVE-2010-3737, AIXAPAR, CONFIRM |
| joomla -- joomla! | Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | 2010-10-05 | 3.5 | CVE-2010-2535, MLIST, MLIST, MISC, CONFIRM |
| rim -- blackberry_desktop_software | The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | 2010-10-05 | 2.1 | CVE-2010-3741, MISC, MISC, MISC, MISC |
