
Security Alert Archives

Latest Security Alerts - January 2012

Last Update: 31 Jan 2012

RSA enVision Environmental Variable Disclosure Vulnerability
updated: 28-Jan-12
RSA enVision 4.x contains an environment variable disclosure vulnerability that could allow an unauthenticated user to obtain information about the web server's configuration.

Upgrade to RSA enVision 4.1 P3 or 4.0 SP4 P5, which contain the fix for this issue.

EMC NetWorker Buffer Overflow Vulnerability
updated: 28-Jan-12
EMC NetWorker Server 7.5.x and 7.6.x contain a buffer overflow vulnerability that may be exploited to cause a denial of service or, possibly, arbitrary code execution. Only hosts running the NetWorker Server component are affected.

Upgrade to EMC NetWorker 7.6.3 SP1 Cumulative Release build 851.

Cisco IronPort Appliances Telnet Remote Code Execution
updated: 28-Jan-12
Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0 and Cisco IronPort Security Management Appliance (M-Series) versions prior to 7.8.0 contain a vulnerability in the appliances' Telnet service that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Upgrade to a fixed release; because the flaw is in the Telnet service, disabling Telnet on the appliance (and administering it over SSH) or restricting Telnet to trusted management hosts removes the exposure in the meantime.

Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
updated: 28-Jan-12
The flaw exists within the awhost32 component, which handles incoming connections and listens on TCP port 5631.

When handling an authentication request, the process copies the user-supplied username into a fixed-length buffer of size 0x108 (264 bytes) without checking its length. Because this happens while the authentication request is being processed, a remote attacker needs no valid credentials to exploit the overflow and execute arbitrary code under the context of the SYSTEM account.

Install the update from Symantec; until it is applied, restrict access to TCP port 5631 to trusted hosts.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-018
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

MIT Kerberos 5 Applications: Multiple vulnerabilities
updated: 25-Jan-12
Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications versions prior to 1.0.2-r1: (i) an error in the FTP daemon prevents it from dropping its initial effective group identifier (CVE-2011-1526); and (ii) a boundary error in the telnet daemon and client can cause a buffer overflow (CVE-2011-4862).

An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client. Furthermore, an authenticated remote attacker may be able to read or write files owned by the same group as the effective group of the FTP daemon.

Upgrade to the latest version. CVE-2011-4862 is the BSD-derived telnetd flaw that also affects other products this month (see the Cisco IronPort entry above), so check every host that still exposes a telnet service.

Reference
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862

SolarWinds Storage Manager Server SQL Injection Authentication Bypass
updated: 25-Jan-12
The 'LoginServlet' page on port 9000 of the 32-bit SolarWinds Storage Manager Server version 5.1.2 on Windows 2003 is vulnerable to SQL injection in the 'loginName' field.

An attacker can leverage this flaw to bypass authentication to the Storage Manager application, or to execute arbitrary SQL commands and extract sensitive information from the backend database using standard SQL exploitation techniques. Depending on the database privileges of the application's account, the attacker may also be able to compromise the operating system of the database server host. Restrict access to port 9000 to trusted hosts until a fix is applied.
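
The two outcomes described above (authentication bypass and data extraction through a single injectable field) are easiest to see side by side. The following is an added example, not SolarWinds code: it uses an in-memory SQLite table with constructed rows and a constructed login query, and the payload strings are assumptions about what an attacker would submit in the loginName field.

```python
import sqlite3

# Constructed stand-in for the application's user table: the schema, rows and
# credentials are assumptions for this example, not SolarWinds' real database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (loginName TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, login_name: str, password: str):
    # The loginName value is pasted into the SQL text. A quote in the input
    # ends the string literal and the rest of the input becomes SQL.
    sql = (
        "SELECT loginName, role FROM users "
        "WHERE loginName = '%s' AND password = '%s'" % (login_name, password)
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn: sqlite3.Connection, login_name: str, password: str):
    # Bound parameters: the driver passes the values separately from the
    # statement, so quotes and comment markers stay data.
    sql = "SELECT loginName, role FROM users WHERE loginName = ? AND password = ?"
    return conn.execute(sql, (login_name, password)).fetchone()


# Two constructed payloads for the loginName field.
BYPASS = "' OR 1=1 --"   # WHERE clause becomes always-true; password check is commented out
EXTRACT = "' UNION SELECT name, sql FROM sqlite_master --"   # returns schema instead of a user


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_bypass": login_vulnerable(conn, BYPASS, "wrong"),
        "vuln_extract": login_vulnerable(conn, EXTRACT, "wrong"),
        "fixed_bypass": login_fixed(conn, BYPASS, "wrong"),
        "fixed_legit": login_fixed(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

The vulnerable login returns the admin row for a wrong password and hands back the table definition for the UNION payload; the parameterised version returns no row for either payload and still works for real credentials. The fix is the query construction, not input filtering: a blacklist of quotes would not have covered the other SQL dialects' comment and encoding tricks.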

Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability
updated: 25-Jan-12
The flaw exists within the sccfut.dll component of Oracle Outside In, which is embedded by multiple vendors, most notably in the Novell GroupWise e-mail client. When an OOXML-formatted mail attachment is opened for preview, the process copies the target of a Relationship tag into a local stack buffer without adequate bounds checking. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

Install the update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-017

Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities
updated: 25-Jan-12
Multiple persistent input validation (stored cross-site scripting) vulnerabilities have been identified in the web interface of the Barracuda Spam & Virus Firewall 600. A local, low-privileged user account can inject malicious persistent script code. When the stored content is later viewed by another authenticated user, the vulnerabilities can lead to information disclosure, access to servers reachable on the intranet, and manipulation of persistent content.

Reference
http://www.vulnerability-lab.com/get_content.php?id=28

Cisco IP Video Phone E20 Default Root Account
updated: 25-Jan-12
Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device.

The vulnerability is due to an architectural change in the way the system maintains administrative accounts. During the process of upgrading a Cisco IP Video Phone E20 device to TE 4.1.0, an unsecured default account may be introduced. An attacker who takes advantage of this vulnerability could log in to the device as the root user and perform arbitrary actions with elevated privileges.

Install the software updates from Cisco, and verify after the upgrade that no unexpected administrative accounts remain on the device.

Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te

Cisco Digital Media Manager Privilege Escalation Vulnerability
updated: 25-Jan-12
Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system. Cisco Show and Share is not directly affected; however, because Show and Share relies on Digital Media Manager for authentication services, an attacker who compromises the Digital Media Manager may gain full access to Show and Share as well.

Install the software updates from Cisco.

Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-dmm

EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability
updated: 25-Jan-12
EMC SourceOne Web Search contains a vulnerability that may, under certain circumstances, log sensitive user credential information in plain text to the operating system log of the web server. An unprivileged user with access to those logs could use the recorded credentials to gain access to protected SourceOne components. EMC SourceOne Email Management 6.7 (6.7.2.0017, SP2) and earlier are affected.

Upgrade to version 6.8 or later. Existing web server logs should also be reviewed for recorded credentials, and any found should be rotated.

Apache Tomcat Denial of Service
updated: 25-Jan-12
Analysis of the recent hash collision vulnerability identified unrelated inefficiencies in Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to consume large amounts of CPU and thereby cause a denial of service.

The issue (CVE-2012-0022) was addressed by modifying the Tomcat parameter handling code to process large numbers of parameters and parameter values efficiently. Upgrade to Tomcat 7.0.23, 6.0.35 or 5.5.35 or later; the connector attribute maxParameterCount introduced with the hash-collision fix also caps how many parameters a single request may carry.

Reference
http://tomcat.apache.org/security.html

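
Tomcat's own fix was to make the parser efficient; the operator-side defence is a hard cap on how many parameters one request may carry, which is what maxParameterCount does. The following added example (not Tomcat code) shows the shape of such a cap in a small form-encoded query parser: it rejects an oversized request by counting separators before decoding anything, so the attacker's work does not translate into server work. The query strings are constructed for the example.

```python
from urllib.parse import unquote_plus


class TooManyParameters(ValueError):
    """Raised when a request carries more parameters than the configured limit."""


def parse_query(query: str, max_parameter_count: int = 10000) -> dict:
    """Parse a form-encoded query into {name: [values]} under a parameter cap.

    The separator count is checked before any pair is decoded or stored, so an
    oversized request costs one linear scan of the string rather than the
    decoding, hashing and allocation of every parameter in it.
    """
    # Cheap pre-check: a query with N '&' characters has at most N + 1 pairs.
    if query.count("&") + 1 > max_parameter_count:
        raise TooManyParameters(
            "request carries more than %d parameters" % max_parameter_count)

    params: dict = {}
    count = 0
    for pair in query.split("&"):
        if pair == "":
            continue               # tolerate 'a=1&&b=2' without counting the gap
        count += 1
        if count > max_parameter_count:   # exact check on non-empty pairs
            raise TooManyParameters(
                "request carries more than %d parameters" % max_parameter_count)
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def make_flood(n: int) -> str:
    """Constructed attack query with n distinct parameters (for testing)."""
    return "&".join("p%d=x" % i for i in range(n))


if __name__ == "__main__":
    print(parse_query("a=1&b=2&a=3"))
    try:
        parse_query(make_flood(10001))
    except TooManyParameters as e:
        print("rejected:", e)
```

The default of 10000 matches the Tomcat default for maxParameterCount; for most applications a far lower value is safe and worth setting, since a legitimate form rarely has more than a few hundred fields. The same idea applies to the total request body size (Tomcat's maxPostSize), which bounds the other dimension of the attack.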
Apache Tomcat Information disclosure
updated: 25-Jan-12
For performance reasons, information parsed from a request is cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that need to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled; the request object was then not recycled again before being used for the next request. This led to information leakage (e.g. remote IP address, HTTP headers) from the previous request into the next one, which on a shared connector means one client's data can surface in another client's request.

The issue was resolved by ensuring that the request and response objects are recycled after being re-populated to generate the necessary access log entries. Upgrade to the latest version.

Reference
http://tomcat.apache.org/security.html

MailEnable Webmail Cross-site Scripting
updated: 25-Jan-12
MailEnable Professional and Enterprise versions are prone to a reflected cross-site scripting vulnerability: the user-supplied input received via the "Username" parameter of the "ForgottonPassword.aspx" page is not properly sanitised before being echoed into the response. A specially crafted URL, when clicked by a user, could give the attacker access to the user's webmail cookies or execute other malicious code in the user's browser in the context of the webmail domain. MailEnable Professional, Enterprise & Premium 6.02 and earlier are affected. Upgrade to the latest version.
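
The fix for a reflected parameter like this is context-aware output encoding, and the detail that matters is that the encoding must cover quotes when the value lands inside an attribute. The following is an added example, not MailEnable code: the page fragment, the two payloads and the detector are all constructed for the illustration.

```python
import html

# Constructed page fragment standing in for the password-reset response; the
# markup is an assumption, not MailEnable's actual template. The username is
# reflected twice: in element text and inside a quoted attribute.
def reset_page_vulnerable(username: str) -> str:
    return (
        '<p>Reset instructions were sent for account %s.</p>\n'
        '<input name="Username" value="%s">' % (username, username)
    )


def reset_page_fixed(username: str) -> str:
    # quote=True also escapes " and '. Escaping only <, > and & would make the
    # <p> text safe but leave value="..." breakable by a bare double quote.
    safe = html.escape(username, quote=True)
    return (
        '<p>Reset instructions were sent for account %s.</p>\n'
        '<input name="Username" value="%s">' % (safe, safe)
    )


# Two constructed payloads: one injects a tag into element text, the other
# breaks out of the quoted attribute without using < or > at all.
BODY_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def contains_markup_injection(page: str) -> bool:
    # Crude check for the demo: a live script tag, or an event handler
    # attribute that the input managed to create.
    return "<script" in page or 'onfocus="' in page


if __name__ == "__main__":
    for payload in (BODY_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable:", contains_markup_injection(reset_page_vulnerable(payload)))
        print("fixed:     ", contains_markup_injection(reset_page_fixed(payload)))
```

The attribute payload is the one that defeats naive fixes: it contains no angle brackets, so a filter that only strips tags passes it straight through, while html.escape(quote=True) turns the double quote into &quot; and the browser keeps it inside the value.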

HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability
updated: 25-Jan-12
The specific flaw exists within the way the HP Diagnostics server handles incoming packets whose first 32-bit value is 0x00000000. The magentservice.exe process listens on port 23472 by default. It eventually takes that first dword, decrements it by one (so 0x00000000 wraps to 0xFFFFFFFF) and uses the result as the size of a copy into a stack buffer. The resulting stack-based buffer overflow can lead to remote code execution as the SYSTEM user.

Restrict access to port 23472 to trusted hosts only.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-016

HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities
updated: 25-Jan-12
The specific flaws exist within the web interface listening on TCP port 80. A directory traversal flaw allows a remote attacker to view any file on the system simply by specifying its path in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device; a remote attacker can use it to perform any task an administrator is able to.

Restrict access to the web interface on 80/tcp to authorized hosts only, and change or remove the default credentials.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-015

HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
updated: 25-Jan-12
The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger heap corruption. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.

Update to the latest version to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-014
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847

HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
updated: 25-Jan-12
The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID {6F255F99-6961-48DC-B17E-6E1BCCBC0EE3}). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary file write, which allows an attacker to write malicious content anywhere on the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.

Update to the latest version to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-013
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847

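
Both the HP StorageWorks P2000 read (above) and this XMLCacheMgr write are the same defect: a caller-supplied path is joined to a base directory without confirming the result stays inside it. The following added example (not HP code) shows the containment check that closes both: decode once, refuse absolute paths, resolve ".." and symlinks, then require the resolved path to share the resolved base as a prefix. The base directory and request paths are constructed for the example.

```python
import os
from urllib.parse import unquote


def resolve_under_base(base_dir: str, requested: str) -> str:
    """Map a client-supplied relative path onto a file under base_dir, or raise.

    Works for reads and writes alike: the check is on the resolved target, not
    on the characters in the request.
    """
    base = os.path.realpath(base_dir)
    path = unquote(requested)              # decode exactly once, as the server does
    if os.path.isabs(path):
        # os.path.join discards base_dir when the second part is absolute.
        raise PermissionError("absolute path rejected: %r" % requested)
    # realpath collapses '..' and follows symlinks, so a link planted inside
    # the tree cannot be used to point the result outside it.
    candidate = os.path.realpath(os.path.join(base, path))
    # Component-wise prefix test; a plain startswith(base) would accept
    # '/srv/www/htdocs2/...' when base is '/srv/www/htdocs'.
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError("path escapes base directory: %r" % requested)
    return candidate


def is_allowed(base_dir: str, requested: str) -> bool:
    try:
        resolve_under_base(base_dir, requested)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    BASE = "/srv/www/htdocs"   # constructed base directory
    for req in ("docs/index.html", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        print("%-40s %s" % (req, is_allowed(BASE, req)))
```

Decoding only once matters: a doubly encoded "%252e%252e" decodes to the literal filename "%2e%2e", which the filesystem treats as an ordinary name, so it is harmless here, whereas decoding in a loop would reintroduce the traversal after the check.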
McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
updated: 25-Jan-12
The specific flaw exists within myCIOScn.dll. The MyCioScan.Scan.ShowReport() method accepts commands that are passed to a function which simply executes them, without any authentication. A malicious web page can leverage this to execute arbitrary code within the context of the browser.

The kill bit can be set on this control to stop Internet Explorer from instantiating it. Set the Compatibility Flags DWORD to 0x00000400 under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{209EBDEE-065C-11D4-A6B8-00C04F0D38B7}

Once the Compatibility Flags value is 0x00000400, the control can no longer be loaded inside the browser. On 64-bit Windows the 32-bit browser reads the same key under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\..., so set it in both places. For more information, see http://support.microsoft.com/kb/240797

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-012

Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
updated: 25-Jan-12
The flaw exists within the xnfs.nlm component, which handles NFS RPC requests and listens on UDP port 32779. When decoding the XDR-encoded caller_name from an NLM_TEST procedure request, the process uses the user-supplied length as the bound for its copy into a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

Install the update to correct this vulnerability.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-011
http://download.novell.com/Download?buildid=Cfw1tDezgbw~

Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution
updated: 25-Jan-12
The flaw exists within the streamprocess.exe component, which listens on UDP port 6905. When handling a request of type 0x40020006, the process uses the user-supplied length in an attempted bounds check before copying to a local stack buffer, but the check does not prevent the overflow. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

Install the update from Citrix.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-010
http://support.citrix.com/article/CTX130846

Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution
updated: 25-Jan-12
The flaw exists within the streamprocess.exe component, which listens on UDP port 6905. When handling a request of type 0x40020000, the process uses the user-supplied length in an attempted bounds check before copying to a local stack buffer, but the check does not prevent the overflow. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

Install the update from Citrix.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-009
http://support.citrix.com/article/CTX130846

Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution
updated: 25-Jan-12
The specific flaw exists within the streamprocess.exe component, which listens for UDP traffic on multiple ports beginning with 6905. When handling a packet that requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Install the updates from Citrix.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-008
http://support.citrix.com/article/CTX130846

Novell Netware XNFS.NLM STAT Notify Remote Code Execution
updated: 25-Jan-12
The flaw exists within the xnfs.nlm component, which handles NFS RPC requests and listens on UDP and TCP port 32778. When decoding the XDR-encoded data from a STAT_NOTIFY procedure request, the process uses the user-supplied length as the bound for its copy into a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

Install the updates from Novell.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-007
http://download.novell.com/Download?buildid=Cfw1tDezgbw~

Novell Netware XNFS.NLM NFS Rename Remote Code Execution
updated: 25-Jan-12
The flaw exists within the xnfs.nlm component, which handles NFS RPC requests and listens on UDP port 2049. When decoding the XDR-encoded filename from an NFS_RENAME procedure request, the process uses the user-supplied length as the bound for its copy into a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

Install the updates from Novell.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-006
http://download.novell.com/Download?buildid=Cfw1tDezgbw~

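
The three Novell XNFS entries, the three Citrix stream service entries, the HP Diagnostics entry and the pcAnywhere entry all describe one pattern: a length taken from the wire (or implied by an unterminated string) decides how much is copied into a fixed-size stack buffer. The following added example, which is not any vendor's code, models that decision in Python with C-style 32-bit arithmetic. The message layout (a 4-byte big-endian length followed by payload) is a constructed assumption, and the 0x108-byte destination borrows the size quoted for awhost32 to stand in for all the stack buffers above. It shows the copy size three ways: trusted outright (the Novell/Citrix wording), checked before the arithmetic so that a zero field wraps (the HP Diagnostics wording), and validated correctly.

```python
import struct

# Fixed-size destination buffer and C unsigned 32-bit wrap-around.
BUF_SIZE = 0x108
U32 = 0xFFFFFFFF

# Constructed wire format for the example: 4-byte big-endian length, then payload.
HEADER = struct.Struct(">I")


class MalformedMessage(ValueError):
    pass


def copy_size_trusting(msg: bytes) -> int:
    """Novell XNFS / Citrix pattern: the length field itself bounds the copy."""
    (n,) = HEADER.unpack_from(msg, 0)
    return n        # memcpy(stack_buf, msg + 4, n) overruns as soon as n > BUF_SIZE


def copy_size_checked_too_early(msg: bytes) -> int:
    """HP Diagnostics pattern: a check on the raw field, then field - 1 as the size."""
    (n,) = HEADER.unpack_from(msg, 0)
    if n > BUF_SIZE:              # looks like a bounds check, and passes for n == 0 ...
        raise MalformedMessage("length field too large")
    return (n - 1) & U32          # ... which then wraps to 0xFFFFFFFF


def copy_size_hardened(msg: bytes) -> int:
    """Validate before any arithmetic, against both the buffer and the datagram."""
    if len(msg) < HEADER.size:
        raise MalformedMessage("truncated header")
    (n,) = HEADER.unpack_from(msg, 0)
    if n == 0:
        raise MalformedMessage("zero length field")   # rules out the underflow
    size = n - 1
    if size > BUF_SIZE:
        raise MalformedMessage("payload %d exceeds buffer %d" % (size, BUF_SIZE))
    if size > len(msg) - HEADER.size:
        raise MalformedMessage("length field exceeds bytes received")   # no over-read
    return size


def decode_payload(msg: bytes) -> bytes:
    """Safe decoder: returns exactly the bytes the validated size covers."""
    size = copy_size_hardened(msg)
    return msg[HEADER.size:HEADER.size + size]


def build(n: int, payload: bytes) -> bytes:
    """Constructed helper to assemble messages with an arbitrary length field."""
    return HEADER.pack(n) + payload


if __name__ == "__main__":
    print(hex(copy_size_trusting(build(0x1000, b"A" * 0x1000))))     # 0x1000 > BUF_SIZE
    print(hex(copy_size_checked_too_early(build(0, b""))))           # 0xffffffff
    print(decode_payload(build(17, b"A" * 16)))
```

Two of the checks are easy to forget and both appear in this month's advisories: the size must be compared against the destination after every subtraction or alignment adjustment (never before), and it must also be compared against the bytes actually received, otherwise a correct buffer check still lets the copy read past the end of the datagram.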
Apple Quicktime RLE BGRA Decoding Remote Code Execution
updated: 25-Jan-12
The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing a sample, the application fails to account for the dimensions of the canvas the sample is rendered into. This can cause a buffer overflow, which can be leveraged to gain code execution under the context of the application.

Install the update from Apple.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-005
http://support.apple.com/kb/HT5016

Apple Quicktime JPEG2000 COD Remote Code Execution
updated: 25-Jan-12
The flaw exists within the JP2Deco component, which handles mjp2 samples. This sample format (JPEG 2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this segment, the application subtracts from this length before passing it to memcpy, so an undersized length wraps to a very large copy size. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

Install the update from Apple.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-004
http://support.apple.com/kb/HT5016

HP OpenView NNM webappmon.exe parameter Remote Code Execution
updated: 25-Jan-12
The specific flaw exists within the webappmon.exe CGI program. When processing crafted parameters, there is an insufficient boundary check before the values are supplied to a format string, causing a stack buffer overflow. The resulting memory corruption can be leveraged to execute arbitrary code under the context of the target service.

Install the update from HP.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-003
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052

HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution
updated: 25-Jan-12
The specific flaw exists within ov.dll. When processing a user-supplied file name for the textFile option, there is an insufficient boundary check before the value is supplied to a format string within _OVBuildPath, causing a stack buffer overflow. The resulting memory corruption can be leveraged to execute arbitrary code under the context of the target service.

Install the update from HP.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-12-002
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052

phpMyAdmin Multiple Vulnerabilities
updated: 25-Jan-12
Multiple vulnerabilities have been discovered in phpMyAdmin versions prior to 3.4.9. Remote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform cross-site scripting (XSS) attacks via various vectors.

Upgrade to the latest version.