Vulnerability Summary for the Week of December 2, 2013
Released
Dec 09, 2013
Document ID
SB13-343
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| chamilo -- chamilo_lms | SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | 2013-12-05 | 7.5 | CVE-2013-6787 |
| cisco -- adaptive_security_appliance | Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. | 2013-12-02 | 7.1 | CVE-2013-6696 |
| cisco -- ons_15454 | The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. | 2013-12-03 | 7.1 | CVE-2013-6703 |
| cisco -- ios_xe | Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. | 2013-12-03 | 7.1 | CVE-2013-6704 |
| cybozu -- garoon | SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2013-12-05 | 7.5 | CVE-2013-6001 |
| djvulibre_project -- djvulibre | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | 2013-12-02 | 9.3 | CVE-2012-6535 |
| dokeos -- dokeos | SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | 2013-12-05 | 7.5 | CVE-2013-6341 |
| easytimestudio -- file_manager | Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | 2013-12-05 | 7.8 | CVE-2013-3921 |
| mybb -- ajax_forum_stat | Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. | 2013-12-04 | 7.5 | CVE-2013-6936 |
| novell -- opensuse | LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field. | 2013-12-01 | 7.8 | CVE-2012-0425 |
| novell -- suse_linux_enterprise_for_sap_applications | Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory. | 2013-12-01 | 7.2 | CVE-2012-0426 |
| novell -- opensuse | yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. | 2013-12-01 | 7.2 | CVE-2012-0427 |
| novell -- suse_cloud | The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors. | 2013-12-01 | 10.0 | CVE-2012-0434 |
| novell -- opensuse | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors. | 2013-12-06 | 7.2 | CVE-2013-1090 |
| osehra -- vista | The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw." | 2013-12-04 | 10.0 | CVE-2013-6945 |
| tattyan -- tattyan_hptown | Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | 2013-12-05 | 7.8 | CVE-2013-6000 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alstom -- e-terracontrol | The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | 2013-12-01 | 4.7 | CVE-2013-2818 |
| att -- connect_participant_application | Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file. | 2013-12-04 | 6.8 | CVE-2013-6029 |
| cisco -- prime_collaboration | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | 2013-12-03 | 4.3 | CVE-2013-6690 |
| cisco -- secure_access_control_system | The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. | 2013-12-02 | 4.0 | CVE-2013-6695 |
| cisco -- ons_15454 | The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902. | 2013-12-04 | 4.3 | CVE-2013-6702 |
| cisco -- ios | The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | 2013-12-03 | 6.1 | CVE-2013-6705 |
| claroline -- claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php. | 2013-12-05 | 4.3 | CVE-2013-6267 |
| cybozu -- garoon | The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | 2013-12-05 | 5.0 | CVE-2013-6002 |
| cybozu -- garoon | CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6003 |
| cybozu -- garoon | Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | 2013-12-05 | 6.8 | CVE-2013-6004 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6900 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6901 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6902 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6903 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6904 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6905 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6906 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6907 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6908 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6909 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6910 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 4.3 | CVE-2013-6916 |
| elecsyscorp -- director_industrial_communication_gateway | The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input. | 2013-12-04 | 4.3 | CVE-2013-2825 |
| ganglia -- ganglia-web | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. | 2013-12-05 | 4.3 | CVE-2013-6395 |
| ibm -- filenet_content_manager | Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-04 | 4.3 | CVE-2013-5449 |
| ibm -- qradar_security_information_and_event_manager | The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | 2013-11-29 | 4.3 | CVE-2013-5463 |
| ibm -- advanced_management_module_firmware | The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | 2013-11-30 | 6.4 | CVE-2013-6718 |
| jamroom -- search_module | Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4. | 2013-12-05 | 4.3 | CVE-2013-6804 |
| linux -- linux_kernel | The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call. | 2013-11-29 | 4.9 | CVE-2013-6392 |
| microsoft -- enhanced_mitigation_experience_toolkit | Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack. | 2013-11-29 | 4.3 | CVE-2013-6791 |
| novell -- suse_manager | Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name. | 2013-12-01 | 4.3 | CVE-2012-0414 |
| novell -- open_enterprise_server | The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. | 2013-12-01 | 4.3 | CVE-2013-3707 |
| novell -- iprint | The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | 2013-11-30 | 5.0 | CVE-2013-3708 |
| opensuse -- zypper | zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable. | 2013-12-01 | 4.4 | CVE-2012-0420 |
| redhat -- jboss_enterprise_application_platform | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | 2013-12-06 | 4.9 | CVE-2013-2133 |
| rockmongo -- rockmongo | Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters. | 2013-12-05 | 4.3 | CVE-2013-5108 |
| satechi -- smart_travel_router | The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests. | 2013-11-30 | 5.8 | CVE-2013-6918 |
| videocharge -- watermark_master | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file. | 2013-12-04 | 6.8 | CVE-2013-6935 |
| videocharge -- watermark_master | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the cols element name attribute in a .wstyle file. | 2013-12-04 | 6.8 | CVE-2013-6937 |
| vmware -- fusion | lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | 2013-12-04 | 6.9 | CVE-2013-3519 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| checkpoint -- endpoint_security | Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously. | 2013-11-30 | 3.3 | CVE-2013-5635 |
| checkpoint -- endpoint_security | Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | 2013-11-30 | 3.3 | CVE-2013-5636 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 3.5 | CVE-2013-6911 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 3.5 | CVE-2013-6912 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 3.5 | CVE-2013-6913 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 3.5 | CVE-2013-6914 |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-12-05 | 3.5 | CVE-2013-6915 |
| ibm -- qradar_security_information_and_event_manager | Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-11-29 | 3.5 | CVE-2013-5448 |
| ibm -- qradar_security_information_and_event_manager | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2013-11-29 | 3.5 | CVE-2013-6307 |
| samba -- samba | The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. | 2013-12-03 | 3.6 | CVE-2012-6150 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.