U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB11-003)

Vulnerability Summary for the Week of December 27, 2010

Original release date: January 03, 2011 | Last revised: February 06, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
clear -- clearspot_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.2010-12-309.3CVE-2010-4507
MISC
EXPLOIT-DB
html-edit -- cmsSQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.2010-12-297.5CVE-2010-4609
MISC
EXPLOIT-DB
SECUNIA
hycus -- hycus_cmsMultiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.2010-12-297.5CVE-2010-4613
BID
MISC
EXPLOIT-DB
ibm -- rational_clearquestMultiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files.2010-12-2910.0CVE-2010-4601
AIXAPAR
SECUNIA
ibm -- tivoli_storage_managerStack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.2010-12-297.2CVE-2010-4604
VUPEN
BUGTRAQ
MISC
MISC
CONFIRM
EXPLOIT-DB
AIXAPAR
SECTRACK
SECUNIA
ibm -- tivoli_storage_managerUnspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."2010-12-2910.0CVE-2010-4606
VUPEN
CONFIRM
AIXAPAR
SECTRACK
SECUNIA
intendance -- mysource_matrixSQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.2010-12-307.5CVE-2010-4639
XF
BID
EXPLOIT-DB
MISC
iskenderaltuntas -- oto_galeri_sistemiMultiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.2010-12-297.5CVE-2010-4615
XF
BID
EXPLOIT-DB
SECUNIA
linux -- kernelThe ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.2010-12-307.2CVE-2010-3850
CONFIRM
MLIST
CONFIRM
CONFIRM
FULLDISC
linux -- kernelThe aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.2010-12-307.1CVE-2010-4342
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
mhproducts -- ero_auktionSQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.2010-12-297.5CVE-2010-4614
BID
EXPLOIT-DB
SECUNIA
pilotcart -- pilot_cartMultiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.2010-12-307.5CVE-2010-4632
BID
EXPLOIT-DB
SECUNIA
MISC
FULLDISC
MISC
redhat -- jboss_enterprise_application_platformThe serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.2010-12-307.5CVE-2010-3708
MISC
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
SECTRACK
site2nite -- vacation_rental_listingsSQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.2010-12-307.5CVE-2010-4635
XF
BID
EXPLOIT-DB
SECUNIA
MISC
OSVDB
site2nite -- business_e-listingsSQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.2010-12-307.5CVE-2010-4636
XF
BID
EXPLOIT-DB
SECUNIA
OSVDB
sumeffect -- digishopSQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.2010-12-307.5CVE-2010-4633
XF
BID
EXPLOIT-DB
MISC
webscripti -- mafya_oyun_scrptiSQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.2010-12-297.5CVE-2010-4619
XF
BID
EXPLOIT-DB
SECUNIA
xwiki -- xwikiSQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2010-12-307.5CVE-2010-4641
XF
CONFIRM
BID
OSVDB
SECUNIA
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
rational -- clearquestIBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference.2010-12-296.5CVE-2010-4603
CONFIRM
AIXAPAR
CONFIRM
html-edit web servicesHtml-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.2010-12-295.0CVE-2010-4611
MISC
EXPLOIT-DB
algisinfo -- aicontactsafeCross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-12-294.3CVE-2010-4618
BID
CONFIRM
CONFIRM
SECUNIA
dojofoundation -- dojo_toolkitDojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue.2010-12-295.0CVE-2010-4600
AIXAPAR
SECUNIA
CONFIRM
finalcut -- feedlistCross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.2010-12-304.3CVE-2010-4637
XF
MISC
SECUNIA
MISC
OSVDB
fubra -- wp-survey-and-quiz-toolCross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.2010-12-304.3CVE-2010-4630
XF
MISC
SECUNIA
MISC
OSVDB
habariproject -- habariHabari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.2010-12-295.0CVE-2010-4608
MISC
EXPLOIT-DB
CONFIRM
html-edit -- cmsCross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.2010-12-294.3CVE-2010-4610
MISC
EXPLOIT-DB
SECUNIA
hycus -- cmsMultiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.2010-12-296.8CVE-2010-4612
BID
BUGTRAQ
MISC
MISC
MISC
MISC
EXPLOIT-DB
SECUNIA
ibm -- rational_clearquestThe Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.2010-12-294.0CVE-2010-4602
AIXAPAR
CONFIRM
ibm -- tivoli_storage_managerUnspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.2010-12-296.6CVE-2010-4605
VUPEN
CONFIRM
AIXAPAR
SECTRACK
SECUNIA
ibm -- tivoli_access_manager_for_e-businessDirectory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.2010-12-305.0CVE-2010-4622
XF
VUPEN
BID
OSVDB
CONFIRM
SECTRACK
SECUNIA
ibm -- tivoli_access_manager_for_e-businessWebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.2010-12-306.8CVE-2010-4623
CONFIRM
impresscms -- impresscmsCross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.2010-12-294.3CVE-2010-4616
CONFIRM
BUGTRAQ
MISC
SECUNIA
iptechinside -- com_jquarks4sSQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.2010-12-306.8CVE-2010-4638
EXPLOIT-DB
SECUNIA
MISC
joomla -- com_jotloaderDirectory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.2010-12-295.0CVE-2010-4617
XF
EXPLOIT-DB
MISC
linux -- kernelMultiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.2010-12-296.9CVE-2010-3859
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
MLIST
linux -- kernelHeap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.2010-12-296.2CVE-2010-3874
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
linux -- kerneldrivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.2010-12-294.7CVE-2010-4343
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
linux -- kernelStack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.2010-12-306.9CVE-2010-3848
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- kernelThe econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.2010-12-304.7CVE-2010-3849
CONFIRM
MLIST
CONFIRM
CONFIRM
FULLDISC
linux -- linux_kernelThe udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.2010-12-304.9CVE-2010-4161
CONFIRM
MLIST
CONFIRM
BUGTRAQ
linux -- kernelThe do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.2010-12-306.2CVE-2010-4258
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
FULLDISC
livezilla -- livezillaCross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.2010-12-304.3CVE-2010-4276
VUPEN
BID
FULLDISC
mitsu_hiro_hi_rose -- attachecaseUntrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory.2010-12-306.9CVE-2010-3923
CONFIRM
SECUNIA
JVNDB
JVN
mybb -- mybbMultiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.2010-12-304.3CVE-2010-4522
CONFIRM
MLIST
MLIST
mybb -- mybbMyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.2010-12-305.0CVE-2010-4625
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
MISC
mybb -- mybbThe my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.2010-12-305.1CVE-2010-4626
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
mybb -- mybbCross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2010-12-306.8CVE-2010-4627
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
mybb -- mybbmember.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table.2010-12-305.0CVE-2010-4628
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
mybb -- mybbMyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php.2010-12-305.0CVE-2010-4629
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
novell -- iprint_clientStack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via vectors related to the GetDriverSettings method.2010-12-306.8CVE-2010-4321
MISC
BID
CONFIRM
osticket -- osticket** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party.2010-12-305.0CVE-2010-4634
BID
EXPLOIT-DB
MLIST
MLIST
MISC
pilotcart -- pilot_cartMultiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.2010-12-304.3CVE-2010-4631
XF
BID
EXPLOIT-DB
SECUNIA
MISC
FULLDISC
MISC
redhat -- jboss_enterprise_application_platformCross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.2010-12-304.3CVE-2010-3878
CONFIRM
REDHAT
REDHAT
REDHAT
SECTRACK
xwiki -- xwiki_watchMultiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2010-12-304.3CVE-2010-4640
XF
XF
BID
OSVDB
OSVDB
OSVDB
SECUNIA
xwiki -- xwikiCross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2010-12-304.3CVE-2010-4642
XF
CONFIRM
BID
OSVDB
SECUNIA
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
freedesktop -- dbusStack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.2010-12-302.1CVE-2010-4352
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
CONFIRM
VUPEN
BID
MISC
SECUNIA
SECUNIA
MLIST
habariproject -- habariMultiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.2010-12-292.6CVE-2010-4607
MISC
MISC
EXPLOIT-DB
CONFIRM
SECUNIA
linux -- kernelThe bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.2010-12-292.1CVE-2010-4565
MISC
MLIST
MLIST
MLIST
MLIST
BID
MLIST
MLIST
MLIST
MLIST
linux -- kernelThe sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.2010-12-302.1CVE-2010-4158
CONFIRM
MLIST
CONFIRM
BID
BUGTRAQ
BUGTRAQ
CONFIRM
FULLDISC
mybb -- mybbMyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.2010-12-303.5CVE-2010-4624
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
redhat -- jboss_enterprise_application_platformThe org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.2010-12-302.6CVE-2010-3862
CONFIRM
CONFIRM
MISC
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
SECTRACK
redhat -- jboss_enterprise_application_platformThe org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.2010-12-302.6CVE-2010-4265
CONFIRM
MISC
CONFIRM
REDHAT
REDHAT
SECTRACK
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top