
Bulletin (SB10-340)

Vulnerability Summary for the Week of November 29, 2010

Original release date: December 06, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. 2010-11-26 7.2 CVE-2010-3830
Source & Patch Info: CONFIRM, APPLE
artica -- pandora_fms
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. 2010-12-02 9.0 CVE-2010-4278
Source & Patch Info: BID, CONFIRM, BUGTRAQ, EXPLOIT-DB
artica -- pandora_fms
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. 2010-12-02 10.0 CVE-2010-4279
Source & Patch Info: BID, MISC, BUGTRAQ, EXPLOIT-DB
artica -- pandora_fms
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php. 2010-12-02 7.5 CVE-2010-4280
Source & Patch Info: CONFIRM, BID, BUGTRAQ, EXPLOIT-DB, EXPLOIT-DB
artica -- pandora_fms
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. 2010-12-02 7.5 CVE-2010-4281
Source & Patch Info: BID, CONFIRM, BUGTRAQ, EXPLOIT-DB
artica -- pandora_fms
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. 2010-12-02 7.5 CVE-2010-4282
Source & Patch Info: BID, CONFIRM, BUGTRAQ, EXPLOIT-DB
artica -- pandora_fms
PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. 2010-12-02 7.5 CVE-2010-4283
Source & Patch Info: BID, CONFIRM, BUGTRAQ, EXPLOIT-DB
awstats -- awstats
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. 2010-12-02 7.5 CVE-2010-4367
Source & Patch Info: MISC, CONFIRM
awstats -- awstats
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. 2010-12-02 7.5 CVE-2010-4368
Source & Patch Info: CERT-VN, MISC, MISC
boka -- siteengine
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. 2010-12-01 7.5 CVE-2008-7267
Source & Patch Info: BID, BUGTRAQ, MILW0RM, SECUNIA
boka -- siteengine
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. 2010-12-01 7.5 CVE-2010-4357
Source & Patch Info: BID, EXPLOIT-DB, SECUNIA
dustincowell -- free_simple_software
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php. 2010-11-26 7.5 CVE-2010-4298
Source & Patch Info: MISC, BID, BUGTRAQ
harmistechnology -- com_jeajaxeventcalendar
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. 2010-12-01 7.5 CVE-2010-4365
Source & Patch Info: BID, EXPLOIT-DB, SECUNIA, MISC
jurpo -- jurpopage
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. 2010-12-01 7.5 CVE-2010-4359
Source & Patch Info: VUPEN, BID, EXPLOIT-DB, SECUNIA, MISC
jurpo -- jurpopage
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-12-01 7.5 CVE-2010-4360
Source & Patch Info: BID, SECUNIA
linux -- kernel
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. 2010-11-26 7.2 CVE-2010-2962
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
linux -- kernel
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. 2010-11-26 8.3 CVE-2010-3705
Source & Patch Info: MLIST, MLIST, CONFIRM, CONFIRM, MLIST, CONFIRM
micronetsoft -- rv_dealer_website
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp. 2010-12-01 7.5 CVE-2010-4362
Source & Patch Info: EXPLOIT-DB, SECUNIA
nullsoft -- winamp
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. 2010-12-02 9.3 CVE-2010-2586
Source & Patch Info: BUGTRAQ, MISC, SECUNIA, CONFIRM, CONFIRM
nullsoft -- winamp
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to have an unspecified impact via a crafted MIDI file that triggers a buffer overflow. NOTE: some of these details are obtained from third party information. 2010-12-02 9.3 CVE-2010-4370
Source & Patch Info: SECUNIA, CONFIRM, CONFIRM
nullsoft -- winamp
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. 2010-12-02 9.3 CVE-2010-4371
Source & Patch Info: CONFIRM, CONFIRM
nullsoft -- winamp
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. 2010-12-02 9.3 CVE-2010-4372
Source & Patch Info: CONFIRM, CONFIRM
site2nite -- big_truck_broker
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. 2010-12-01 7.5 CVE-2010-4356
Source & Patch Info: EXPLOIT-DB, SECUNIA, MISC
wireshark -- wireshark
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. 2010-11-26 7.5 CVE-2010-4300
Source & Patch Info: CONFIRM, CONFIRM, VUPEN, SECUNIA, OSVDB

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abk-soft -- chameleon_social_networking
Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message. 2010-12-01 4.3 CVE-2010-4366
Source & Patch Info: XF, BID, OSVDB, EXPLOIT-DB, SECUNIA
apache -- tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. 2010-11-26 4.3 CVE-2010-4172
Source & Patch Info: CONFIRM, CONFIRM, VUPEN, BID, BUGTRAQ, CONFIRM, CONFIRM, CONFIRM, SECTRACK, SECUNIA, FULLDISC
apache -- tomcat
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. 2010-11-26 6.4 CVE-2010-4312
Source & Patch Info: BUGTRAQ
apple -- iphone_os
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. 2010-11-26 4.3 CVE-2010-3827
Source & Patch Info: CONFIRM, APPLE
apple -- iphone_os
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. 2010-11-26 4.3 CVE-2010-3828
Source & Patch Info: CONFIRM, APPLE
apple -- iphone_os
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. 2010-11-26 5.8 CVE-2010-3829
Source & Patch Info: CONFIRM, APPLE
apple -- iphone_os
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. 2010-11-26 4.3 CVE-2010-3831
Source & Patch Info: CONFIRM, APPLE
apple -- iphone_os
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. 2010-11-26 6.8 CVE-2010-3832
Source & Patch Info: CONFIRM, APPLE
awstats -- awstats
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2010-12-02 5.8 CVE-2009-5020
Source & Patch Info: CONFIRM
awstats -- awstats
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. 2010-12-02 6.4 CVE-2010-4369
Source & Patch Info: CONFIRM
boka -- siteengine
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php. 2010-12-01 5.0 CVE-2008-7268
Source & Patch Info: XF, BUGTRAQ, MILW0RM, SECUNIA
boka -- siteengine
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. 2010-12-01 5.8 CVE-2008-7269
Source & Patch Info: BID, BUGTRAQ, MILW0RM
cisco -- asa_5500
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. 2010-11-30 5.0 CVE-2010-4354
Source & Patch Info: CISCO
dadabik -- dadabik
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) rich_editor fields. NOTE: some of these details are obtained from third party information. 2010-12-01 4.3 CVE-2010-4364
Source & Patch Info: XF, BID, CONFIRM, SECUNIA, OSVDB
dustincowell -- free_simple_software
Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. 2010-11-26 5.0 CVE-2010-4311
Source & Patch Info: MISC, BUGTRAQ
freetype -- freetype
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. 2010-11-26 6.8 CVE-2010-3814
Source & Patch Info: CONFIRM, CONFIRM, APPLE, CONFIRM, CONFIRM
freetype -- freetype
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. 2010-11-26 6.8 CVE-2010-3855
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
ifdefined -- bugtracker.net
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information. 2010-12-02 6.5 CVE-2010-3267
Source & Patch Info: MISC, SECUNIA, CONFIRM
jurpo -- jurpopage
Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-12-01 4.3 CVE-2010-4361
Source & Patch Info: BID, SECUNIA
linux -- kernel
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. 2010-11-26 6.2 CVE-2010-2963
Source & Patch Info: CONFIRM, CONFIRM, MISC, CONFIRM
linux -- kernel
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). 2010-11-26 4.6 CVE-2010-3698
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
linux -- kernel
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. 2010-11-29 4.9 CVE-2010-4249
Source & Patch Info: CONFIRM, MLIST, CONFIRM, MLIST, MLIST, CONFIRM, BID, MLIST, EXPLOIT-DB, MLIST, MLIST
linux -- kernel
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. 2010-11-30 4.9 CVE-2010-3858
Source & Patch Info: CONFIRM, MLIST, MLIST, CONFIRM, BID, CONFIRM, EXPLOIT-DB, MISC
linux -- kernel
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. 2010-11-30 4.7 CVE-2010-4248
Source & Patch Info: CONFIRM, MLIST, MLIST, CONFIRM, BID, CONFIRM
mit -- kerberos
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. 2010-12-02 4.3 CVE-2010-1324
Source & Patch Info: BUGTRAQ, CONFIRM
mrcgiguy -- guestbook
Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. 2010-12-01 4.3 CVE-2010-4358
Source & Patch Info: BID, BUGTRAQ, SECUNIA, MISC, MISC
mrcgiguy -- freeticket
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. 2010-12-01 6.8 CVE-2010-4363
Source & Patch Info: BID, BUGTRAQ, OSVDB, SECUNIA, MISC, MISC
novo-ws -- orbis_cms
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/. 2010-12-02 6.0 CVE-2010-4313
Source & Patch Info: MISC, BID, BUGTRAQ, EXPLOIT-DB
nullsoft -- winamp
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. 2010-12-02 4.3 CVE-2010-4373
Source & Patch Info: CONFIRM, CONFIRM
nullsoft -- winamp
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. 2010-12-02 4.3 CVE-2010-4374
Source & Patch Info: CONFIRM, CONFIRM
phpmyadmin -- phpmyadmin
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request. 2010-12-02 4.3 CVE-2010-4329
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, VUPEN, BID, OSVDB, SECUNIA
rsa -- adaptive_authentication
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. 2010-11-26 4.3 CVE-2008-7266
Source & Patch Info: CONFIRM, VUPEN, SECTRACK, BUGTRAQ, SECUNIA
vtiger -- vtiger_crm
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. 2010-11-26 6.0 CVE-2010-3909
Source & Patch Info: MISC, BUGTRAQ, MISC, MISC, SECUNIA
vtiger -- vtiger_crm
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. 2010-11-26 6.8 CVE-2010-3910
Source & Patch Info: MISC, BUGTRAQ, MISC, MISC, SECUNIA
vtiger -- vtiger_crm
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. 2010-11-26 4.3 CVE-2010-3911
Source & Patch Info: MISC, BUGTRAQ, MISC, MISC, SECUNIA
webwiz -- web_wiz_newspad
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. 2010-12-01 5.0 CVE-2009-5019
Source & Patch Info: XF, EXPLOIT-DB, EXPLOIT-DB, MISC
wireshark -- wireshark
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. 2010-11-26 5.0 CVE-2010-3445
Source & Patch Info: CONFIRM, CONFIRM, MISC, MLIST, MLIST, MANDRIVA, BUGTRAQ
wireshark -- wireshark
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. 2010-11-26 5.0 CVE-2010-4301
Source & Patch Info: CONFIRM, MISC, CONFIRM, VUPEN, SECUNIA, OSVDB

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
dadabik -- dadabik
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter. 2010-12-01 3.5 CVE-2010-4355
Source & Patch Info: XF, BID, CONFIRM, SECUNIA
ifdefined -- bugtracker.net
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information. 2010-12-02 3.5 CVE-2010-3266
Source & Patch Info: MISC, SECUNIA, CONFIRM
linux -- kernel
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." 2010-11-29 1.9 CVE-2010-4072
Source & Patch Info: MLIST, CONFIRM, CONFIRM, MLIST, MLIST, CONFIRM
linux -- kernel
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. 2010-11-29 1.9 CVE-2010-4073
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, CONFIRM, CONFIRM
linux -- kernel
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. 2010-11-29 1.9 CVE-2010-4074
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
linux -- kernel
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. 2010-11-29 1.9 CVE-2010-4075
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM, MLIST
linux -- kernel
The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. 2010-11-29 1.9 CVE-2010-4076
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, MISC, MLIST
linux -- kernel
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. 2010-11-29 1.9 CVE-2010-4077
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MISC, MLIST, MLIST
linux -- kernel
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. 2010-11-29 1.9 CVE-2010-4078
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
linux -- kernel
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. 2010-11-29 1.9 CVE-2010-4079
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
linux -- kernel
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. 2010-11-30 1.9 CVE-2010-4080
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
linux -- kernel
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. 2010-11-30 1.9 CVE-2010-4081
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
linux -- kernel
The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. 2010-11-30 1.9 CVE-2010-4082
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, CONFIRM, MLIST, MLIST, CONFIRM
linux -- kernel
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. 2010-11-30 1.9 CVE-2010-4083
Source & Patch Info: CONFIRM, MLIST, MLIST, MLIST, MLIST, CONFIRM, MLIST, CONFIRM
mit -- kerberos
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. 2010-12-02 2.6 CVE-2010-1323
Source & Patch Info: BUGTRAQ, CONFIRM
mit -- kerberos
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. 2010-12-02 3.5 CVE-2010-4020
Source & Patch Info: BUGTRAQ, CONFIRM
mit -- kerberos
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." 2010-12-02 2.1 CVE-2010-4021
Source & Patch Info: BUGTRAQ, CONFIRM