Vol. 12, Num. 10
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
Archived issues may be found at the SANS @RISK Newsletter Archive.
| Platform | Number of Updates and Vulnerabilities |
| --- | --- |
| Third Party Windows Apps | 7 |
| Linux | 1 |
| Cross Platform | 7 (#1, #2) |
| Web Application - Cross Site Scripting | 1 |
| Web Application - SQL Injection | 1 |
| Web Application | 5 |
| Network Device | 1 |
| Hardware | 1 |
Widely Deployed Software
(1) HIGH: Adobe Flash Player Multiple Vulnerabilities
(2) MEDIUM: Google Chrome Multiple Vulnerabilities
12.10.1 - NetDecision HTTP Server Stack-Based Buffer Overflow
12.10.2 - Novell Groupwise Client Address Book Parsing Remote Code Execution
12.10.3 - IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution
12.10.4 - FlashFXP Multiple Buffer Overflow Vulnerabilities
12.10.5 - Splash PRO “.avi” File Denial of Service
12.10.6 - TwinCAT Scope Heap-Based Buffer Overflow
12.10.7 - XArrow Multiple Remote Denial of Service Vulnerabilities
12.10.8 - LightDM Arbitrary File Access
12.10.9 - Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
12.10.10 - Parallels Plesk Panel Unspecified Remote Security Vulnerability
12.10.11 - Google Chrome Multiple Security Vulnerabilities
12.10.12 - Novell ZENworks Configuration Management Unspecified Vulnerability
12.10.13 - Adobe Flash Player Multiple Vulnerabilities
12.10.14 - RSA SecurID Software Token Converter Buffer Overflow
12.10.15 - FreeType Multiple Remote Vulnerabilities
12.10.16 - ZB BLOCK Multiple Cross-Site Scripting Vulnerabilities
12.10.17 - OpenX “sessionID” SQL Injection
12.10.18 - LDAP Account Manager Pro Cross-Site Scripting and HTML Injection Vulnerabilities
12.10.19 - CMS Builder Multiple HTML Injection Vulnerabilities
12.10.20 - Open Realty “select_users_template” Parameter Local File Include
12.10.21 - Symfony2 XML Parsing Local File Disclosure
12.10.22 - MantisBT Multiple Security Bypass Vulnerabilities
12.10.23 - Cisco Wireless LAN Controller Multiple Vulnerabilities
12.10.24 - Cisco TelePresence Video Communication Server Session Denial of Service Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process
(1) HIGH: Adobe Flash Player Multiple Vulnerabilities
Affected:
Adobe Flash Player 11.1.102.62 and prior for Windows, Macintosh, Linux and
Solaris
Description: Adobe has released patches for multiple vulnerabilities in
Flash Player. The problems include an unspecified memory corruption
error and an integer handling error. By enticing a target to view a
malicious page, an attacker can exploit these vulnerabilities in order
to execute arbitrary code on the target's machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-05.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/52297
http://www.securityfocus.com/bid/52299
(2) MEDIUM: Google Chrome Multiple Vulnerabilities
Affected:
Google Chrome prior to 17.0.963.65
Description: Google has released patches addressing multiple security
vulnerabilities in its Chrome web browser. The vulnerabilities include
multiple unspecified use-after-free conditions in the handling of SVG
and HTML, a bad cast, and a buffer overflow. Details of these
vulnerabilities have not been published, but by enticing a target to
view a malicious page an attacker can likely exploit them in order to
execute arbitrary code on the target's machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.google.com
Google Stable Channel Update
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/52271
http://www.securityfocus.com/bid/52037
http://www.securityfocus.com/bid/52032
http://www.securityfocus.com/bid/52033
http://www.securityfocus.com/bid/52034
http://www.securityfocus.com/bid/52035
http://www.securityfocus.com/bid/52036
http://www.securityfocus.com/bid/52040
Part II: Newly Discovered Vulnerabilities, compiled by Qualys (www.qualys.com)
This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 13467 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
Platform: Third Party Windows Apps
Title: NetDecision HTTP Server Stack-Based Buffer Overflow
Description: NetDecision is an integrated network, system, application
and datacenter monitoring software. The application is exposed to a
stack-based buffer overflow issue. This issue occurs due to a boundary
error in the HTTP server when handling web requests. NetDecision
4.5.1 is vulnerable; other versions may also be affected.
Ref: http://www.netmechanica.com/news/?news_id=26
http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt
Platform: Third Party Windows Apps
Title: Novell Groupwise Client Address Book Parsing Remote Code Execution
Description: Novell GroupWise Client is the desktop e-mail and
collaboration client for Novell GroupWise. The client is exposed to a
remote code execution issue that is triggered when it parses a
specially crafted Novell Address Book (*.NAB) file containing an overly
long e-mail address. Novell GroupWise 8.0x through 8.02HP3 are
affected.
Ref:
http://www.novell.com/support/viewContent.do?externalId=7010205
http://www.securityfocus.com/bid/52233/discuss
Platform: Third Party Windows Apps
Title: IBM Tivoli Provisioning Manager Express ActiveX Control Remote
Code Execution
Description: IBM Tivoli Provisioning Manager Express for Software
Distribution is an application for inventory and software distribution
management. The application is exposed to a remote code execution issue
due to an unsafe call to the “strcat” function. The problem affects
the “RunAndUploadFile” method of the “Isig.isigCtl.1” ActiveX control
used to create an Asset Information file. IBM Tivoli Provisioning
Manager Express for Software Distribution 4.1.1 is affected.
Ref:
http://www.zerodayinitiative.com/advisories/ZDI-12-040/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ZDI-Published-Advisories+%28Zero+Day+Initiative+Published+Advisories%29&utm_content=F
http://www.securityfocus.com/bid/52252/discuss
Platform: Third Party Windows Apps
Title: FlashFXP Multiple Buffer Overflow Vulnerabilities
Description: FlashFXP is an FTP client for Microsoft Windows. FlashFXP
is exposed to multiple buffer overflow issues in its “TListBox” and
“TComboBox” controls. FlashFXP 4.1.8.1701 is vulnerable and other
versions may also be affected.
Ref: http://www.vulnerability-lab.com/get_content.php?id=462
http://www.securityfocus.com/bid/52259/discuss
Platform: Third Party Windows Apps
Title: Splash PRO “.avi” File Denial of Service
Description: Splash PRO is a multimedia player available for Microsoft
Windows. Splash PRO is exposed to a denial of service issue.
Specifically the application fails to handle specially crafted “.avi”
files. Splash PRO 1.12.1 is vulnerable and other versions may also be
affected.
Ref: http://packetstormsecurity.org/files/110414/splashpro-dos.txt
http://www.securityfocus.com/bid/52273/discuss
Platform: Third Party Windows Apps
Title: TwinCAT Scope Heap-Based Buffer Overflow
Description: TwinCAT Scope is a Beckhoff data recording and
visualization tool for TwinCAT automation systems. The application is
exposed to a heap-based buffer overflow issue because it fails to
properly validate user supplied input. Specifically, the issue occurs
in “TCatScopeView.exe” when processing a specially crafted “SVW” file.
TwinCAT Scope 2.9.0.226 is vulnerable and other versions may also be
affected.
Ref: http://www.securityfocus.com/bid/52294/discuss
Platform: Third Party Windows Apps
Title: XArrow Multiple Remote Denial of Service Vulnerabilities
Description: XArrow is a SCADA/HMI product. XArrow is exposed to the
following remote denial of service issues: 1) a NULL pointer
dereference; 2) a heap-based memory corruption; 3) an invalid read
access and a further memory corruption. XArrow 3.2 and prior versions
are affected.
Ref: http://aluigi.org/adv/xarrow_1-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-065-01.pdf
Platform: Linux
Title: LightDM Arbitrary File Access
Description: Light Display Manager (LightDM) is a cross desktop
display manager. The application is exposed to an arbitrary file
access issue because it leaks several file descriptors to the child
process. Light Display Manager (LightDM) 1.0.6-3 is vulnerable. Other
versions may also be affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658678
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060
Platform: Cross Platform
Title: Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
Description: Ruby on Rails is a web application framework for multiple
platforms. The application is exposed to multiple cross-site scripting
issues because it fails to properly escape user supplied data in
“SafeBuffer” objects and in “select” tag options. Ruby on Rails
versions prior to 3.2.2, 3.1.4, and 3.0.12 are affected.
Ref:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913
https://bugzilla.redhat.com/show_bug.cgi?id=799275
https://bugs.gentoo.org/show_bug.cgi?id=406547
Platform: Cross Platform
Title: Parallels Plesk Panel Unspecified Remote Security Vulnerability
Description: Parallels Plesk Panel is a website creation and
management application. Parallels Plesk Panel is exposed to an
unspecified remote security issue that allows attackers to gain
unauthorized administrative access to the application. Parallels Plesk
Panel versions 7.6.1 through 10.3.1 are affected.
Ref: http://kb.parallels.com/en/113321
http://www.securityfocus.com/bid/52267/discuss
Platform: Cross Platform
Title: Google Chrome Multiple Security Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms.
Google Chrome is exposed to multiple security issues, including several
use-after-free conditions in SVG and HTML handling, a bad cast and a
buffer overflow (see the Part I entry above and the references for
details). Google Chrome versions prior to 17.0.963.65 are affected.
Ref: http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update.html
http://www.securityfocus.com/bid/52271/discuss
CVE: CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034,
CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038,
CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042,
CVE-2011-3043, CVE-2011-3044
Platform: Cross Platform
Title: Novell ZENworks Configuration Management Unspecified
Vulnerability
Description: Novell ZENworks Configuration Management is an IT
management application. Novell ZENworks Configuration Management is
exposed to an unspecified issue in the “HTTP TRACE” method. Novell
ZENworks Configuration Management 10.3 SP3 is vulnerable and other
versions may also be affected.
Ref: http://www.novell.com/support/viewContent.do?externalId=7010137
http://www.securityfocus.com/bid/52291/discuss
Platform: Cross Platform
Title: Adobe Flash Player Multiple Vulnerabilities
Description: Adobe Flash Player is a multimedia application for
multiple platforms. Adobe Flash Player is exposed to a memory
corruption issue and an information disclosure issue. Adobe Flash
Player 11.1.102.62 and earlier versions are affected.
Ref: https://www.adobe.com/support/security/bulletins/apsb12-05.html
Platform: Cross Platform
Title: RSA SecurID Software Token Converter Buffer Overflow
Description: RSA SecurID Software Token Converter is a command line
utility that converts a software token file (SDTID file) from XML
format to a Compressed Token Format. RSA SecurID Software Token
Converter is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user supplied data. All versions
of RSA SecurID Software Token Converter are affected.
Ref: http://www.securityfocus.com/archive/1/521885
Platform: Cross Platform
Title: FreeType Multiple Remote Vulnerabilities
Description: FreeType is an open source font handling library.
FreeType is exposed to multiple security issues. See reference for
further details. FreeType versions prior to 2.4.9 are affected.
Ref: http://www.securityfocus.com/bid/52318/references
CVE: CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,
CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,
CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,
CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
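The version statements in this list ("prior to 17.0.963.65" for Chrome, "11.1.102.62 and earlier" for Flash Player, the three separately fixed Rails branches 3.2.2, 3.1.4 and 3.0.12, "prior to 2.4.9" for FreeType, "prior to 1.2.9" for MantisBT) are what a vulnerability manager has to match against an inventory. The script below is an added example for this page, not part of the @RISK newsletter and not Qualys scanner logic. It encodes those statements as rules and triages a constructed inventory, comparing numeric version tuples rather than strings (string order puts "9.0.597.107" after "17.0.963.65") and, for Rails, matching the installed version to its own branch; a Rails install on a branch with no fix listed is reported separately rather than silently marked clean. The hosts and versions in the inventory are constructed.

```python
"""Triage an inventory against the version statements in this issue.

Added example for this page; not newsletter or Qualys code. Inventory rows
are constructed sample data. Fixed versions are the ones the entries quote:
Chrome 17.0.963.65, Flash 11.1.102.62 (last affected), Rails 3.2.2 / 3.1.4
/ 3.0.12, FreeType 2.4.9, MantisBT 1.2.9.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# "prior_to": installed < fixed is affected (one entry per maintained branch)
# "up_to":    installed <= last affected version is affected
FIXES: Dict[str, Dict[str, List[str]]] = {
    "Google Chrome": {"prior_to": ["17.0.963.65"]},
    "Adobe Flash Player": {"up_to": ["11.1.102.62"]},
    "Ruby on Rails": {"prior_to": ["3.2.2", "3.1.4", "3.0.12"]},
    "FreeType": {"prior_to": ["2.4.9"]},
    "MantisBT": {"prior_to": ["1.2.9"]},
}


def parse_version(text: str) -> Version:
    """'17.0.963.65' -> (17, 0, 963, 65).

    Digits only; suffixes such as 'rc1' are dropped. Tuples compare
    component-wise, which avoids the string-order bug where
    '9.0.597.107' sorts after '17.0.963.65'.
    """
    return tuple(int(p) for p in re.findall(r"\d+", text))


def assess(product: str, installed: str) -> str:
    """Return 'affected', 'fixed', 'unsupported-branch' or 'unknown-product'."""
    rule = FIXES.get(product)
    if rule is None:
        return "unknown-product"
    v = parse_version(installed)
    if "up_to" in rule:
        return "affected" if v <= parse_version(rule["up_to"][0]) else "fixed"
    fixed = [parse_version(f) for f in rule["prior_to"]]
    if len(fixed) == 1:                       # single release line
        return "affected" if v < fixed[0] else "fixed"
    for f in fixed:                           # per-branch fixes (Rails)
        branch = f[:-1]                       # 3.1.4 -> branch 3.1
        if v[: len(branch)] == branch:
            return "affected" if v < f else "fixed"
    # e.g. Rails 2.3.x: no fix is listed for that branch. Do not call it clean.
    return "unsupported-branch"


# Constructed inventory: (host, product, installed version)
INVENTORY = [
    ("ws-01", "Google Chrome", "17.0.963.56"),
    ("ws-02", "Google Chrome", "17.0.963.65"),
    ("ws-03", "Adobe Flash Player", "11.1.102.62"),
    ("web-01", "Ruby on Rails", "3.1.3"),
    ("web-02", "Ruby on Rails", "2.3.14"),
    ("build-01", "FreeType", "2.4.8"),
]


def triage(inventory=INVENTORY) -> Dict[str, List[Tuple[str, str, str]]]:
    """Group inventory rows by assessment; the 'affected' bucket is the work list."""
    buckets: Dict[str, List[Tuple[str, str, str]]] = {}
    for host, product, version in inventory:
        buckets.setdefault(assess(product, version), []).append((host, product, version))
    return buckets


if __name__ == "__main__":
    for status, rows in sorted(triage().items()):
        print(status)
        for host, product, version in rows:
            print(f"  {host:10s} {product:20s} {version}")
```

The rules deliberately distinguish "prior to X" (X itself is fixed) from "X and prior" (X itself is affected); mixing the two off-by-one conventions is the most common way a triage script under-reports.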
Platform: Web Application - Cross Site Scripting
Title: ZB BLOCK Multiple Cross-Site Scripting Vulnerabilities
Description: ZB BLOCK is a web-based application implemented in PHP.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize request data before echoing it back.
Specifically, attackers can supply script code through the
“HTTP_REFERER” and “HTTP_USER_AGENT” headers of requests to the
“zbblock/hackme.php” script. ZB BLOCK 0.4.9 Final is vulnerable and
other versions may be affected.
Ref: http://www.securityfocus.com/bid/52305/discuss
Platform: Web Application - SQL Injection
Title: OpenX “sessionID” SQL Injection
Description: OpenX is a web-based ad server implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user supplied data submitted to the “sessionID”
cookie parameter in the administrative interface before using it in an
SQL query. OpenX 2.8.1 through 2.8.7 are affected.
Ref: http://blog.openx.org/12/security-matters-3/
http://www.securityfocus.com/bid/52308/discuss
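The OpenX entry above describes the classic shape of a cookie-borne SQL injection: a session identifier is read from a cookie and used to look up the logged-in administrator. The following is an added example, not OpenX code (OpenX is written in PHP): a Python/sqlite3 reconstruction of that pattern with the vulnerable lookup and a hardened one side by side, driven by the same attacker cookie. The cookie name "sessionID" is the one the entry quotes; the table, column and row contents are constructed, and the expected session-id format used by the hardened version is an assumption.

```python
"""Cookie-borne SQL injection, in the shape reported for OpenX 'sessionID'.

Added example, not OpenX code. The session table and its rows are
constructed sample data; table/column names and the session-id format
are assumptions.
"""
import re
import sqlite3
from typing import Callable, Optional, Tuple
from urllib.parse import unquote

Row = Optional[Tuple[str, int]]
Lookup = Callable[[sqlite3.Connection, str], Row]
SESSION_ID_RE = re.compile(r"[0-9a-f]{6,64}")   # assumed format of a real session id


def make_db() -> sqlite3.Connection:
    """In-memory session store with one admin and one ordinary user (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO sessions VALUES (?, ?, ?)",
        [("a1b2c3", "admin", 1), ("d4e5f6", "reporter", 0)],
    )
    return conn


def cookie_value(header: str, name: str) -> Optional[str]:
    """Pull one cookie out of a raw Cookie header; values arrive URL-encoded."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return unquote(value)
    return None


def lookup_vulnerable(conn: sqlite3.Connection, sid: str) -> Row:
    # The cookie value is spliced into the SQL text: a quote in it closes the
    # string literal and the remainder of the value is parsed as SQL.
    sql = "SELECT username, is_admin FROM sessions WHERE sessionid = '%s'" % sid
    return conn.execute(sql).fetchone()


def lookup_hardened(conn: sqlite3.Connection, sid: str) -> Row:
    # 1) Reject anything that does not look like a session id (defence in depth).
    if not SESSION_ID_RE.fullmatch(sid):
        return None
    # 2) Bind the value as a parameter; it can never become SQL syntax.
    return conn.execute(
        "SELECT username, is_admin FROM sessions WHERE sessionid = ?", (sid,)
    ).fetchone()


def whoami(cookie_header: str, lookup: Lookup) -> Optional[str]:
    """Resolve a Cookie header to a username (None = not logged in)."""
    sid = cookie_value(cookie_header, "sessionID")
    if sid is None:
        return None
    row = lookup(make_db(), sid)
    return row[0] if row else None


# Attacker cookie, URL-encoded as a browser sends it:  sessionID=' OR is_admin=1 --
ATTACK = "sessionID=%27%20OR%20is_admin%3D1%20--"

if __name__ == "__main__":
    print("vulnerable:", whoami(ATTACK, lookup_vulnerable))
    print("hardened:  ", whoami(ATTACK, lookup_hardened))
```

With the vulnerable lookup the query becomes `... WHERE sessionid = '' OR is_admin=1 --'`, which returns the administrator's row without knowing any session id; the parameterised version returns nothing for the same cookie, and the format check in front of it means the database is never even asked.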
Platform: Web Application
Title: LDAP Account Manager Pro Cross-Site Scripting and HTML
Injection Vulnerabilities
Description: LDAP Account Manager Pro is a web frontend for managing
accounts stored in an LDAP directory. The application is exposed to
the following vulnerabilities because it fails to properly sanitize
user supplied input. 1) An HTML injection issue affects certain input
submitted to the application. 2) A cross site scripting issue affects
the “attr” parameter of the “templates/3rdParty/pla/htdocs/cmd.php”
script. LDAP Account Manager Pro 3.6 is vulnerable and other versions
may also be affected.
Ref: http://www.vulnerability-lab.com/get_content.php?id=458
http://www.securityfocus.com/bid/52255/discuss
Platform: Web Application
Title: CMS Builder Multiple HTML Injection Vulnerabilities
Description: CMS Builder is a web-based content manager. The
application is exposed to multiple HTML injection issues because it
fails to sufficiently sanitize user supplied input submitted to the
“TITLE” and “BODY” fields of unspecified scripts. CMS Builder 2.14
is vulnerable; other versions may also be affected.
Ref: http://secunia.com/advisories/48227
http://packetstormsecurity.org/files/110368/CMS-Builder-2.14-Cross-Site-Scripting.html
http://www.securityfocus.com/bid/52261/discuss
Platform: Web Application
Title: Open Realty “select_users_template” Parameter Local File
Include
Description: Open Realty is a PHP-based web application. The
application is exposed to a local file include issue because it fails
to properly sanitize user supplied input to the
“select_users_template” parameter of “index.php” script. Open Realty
version 2.5.8 is vulnerable; other versions may also be affected.
Ref: http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi
http://www.securityfocus.com/bid/52296/discuss
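The Open Realty entry above is a local file include through a template-name parameter: the value of "select_users_template" names a file under the application's template directory. The following is an added example, not Open Realty code (Open Realty is written in PHP): a Python reconstruction of that pattern with a vulnerable loader next to a hardened one. The directory layout, the template names and the secret placed in config.php are constructed for the demonstration, and the allowlist of shipped templates is an assumption.

```python
"""Local file inclusion via a template-name parameter, as reported for
Open Realty's 'select_users_template'.

Added example, not Open Realty code. The app root, template names and the
secret in config.php are constructed; ALLOWED_TEMPLATES is assumed.
"""
import os
import shutil
import tempfile
from pathlib import Path

ALLOWED_TEMPLATES = {"default.html", "users.html"}   # assumed list of shipped templates


def setup_fixture() -> Path:
    """Build a throwaway app root: templates/ plus a config file outside it."""
    root = Path(tempfile.mkdtemp(prefix="lfi-demo-"))
    (root / "templates").mkdir()
    (root / "templates" / "default.html").write_text("<h1>default template</h1>\n")
    (root / "config.php").write_text("<?php $db_pass = 's3cret'; ?>\n")   # constructed secret
    return root


def load_template_vulnerable(root: Path, name: str) -> str:
    # The parameter is joined straight onto the template directory, so
    # '../config.php' resolves to a file outside it and an absolute path
    # replaces the directory altogether.
    path = os.path.join(root, "templates", name)
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def load_template_hardened(root: Path, name: str) -> str:
    base = (root / "templates").resolve()
    candidate = (base / name).resolve()          # collapses '..' and symlinks
    # Check 1: the resolved path must sit directly inside the template directory.
    if candidate.parent != base:
        raise PermissionError(f"path escapes template directory: {name!r}")
    # Check 2: only names the application shipped may be loaded. An allowlist
    # also blocks non-template files that happen to live in the directory.
    if candidate.name not in ALLOWED_TEMPLATES:
        raise PermissionError(f"unknown template: {name!r}")
    return candidate.read_text(encoding="utf-8")


def is_rejected(root: Path, name: str) -> bool:
    """True if the hardened loader refuses the name."""
    try:
        load_template_hardened(root, name)
    except PermissionError:
        return True
    return False


def cleanup(root: Path) -> None:
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = setup_fixture()
    try:
        print("vulnerable:", load_template_vulnerable(root, "../config.php").strip())
        print("hardened rejects ../config.php:", is_rejected(root, "../config.php"))
        print("hardened loads default.html:", load_template_hardened(root, "default.html").strip())
    finally:
        cleanup(root)
```

The two checks are independent on purpose: containment catches traversal and absolute paths after symlinks are resolved, while the allowlist turns the parameter from "any file name" into "one of N known choices", which is the fix that makes the rest of the path handling irrelevant.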
Platform: Web Application
Title: Symfony2 XML Parsing Local File Disclosure
Description: Symfony2 is a framework for building web-based
applications. Symfony2 is exposed to a local file disclosure issue
that affects the “XMLEncoder” component when parsing XML. Symfony2
2.0.10 and prior versions are affected.
Ref: http://www.securityfocus.com/bid/52302/discuss
http://www.senseofsecurity.com.au/advisories/SOS-12-002.pdf
Platform: Web Application
Title: MantisBT Multiple Security Bypass Vulnerabilities
Description: MantisBT is a web-based bug management application.
MantisBT is exposed to multiple security bypass issues. See reference
for further details. MantisBT versions prior to 1.2.9 are affected.
Ref: http://www.mantisbt.org/bugs/changelog_page.php?version_id=140
http://www.securityfocus.com/bid/52313/discuss
Platform: Network Device
Title: Cisco Wireless LAN Controller Multiple Vulnerabilities
Description: Cisco Wireless LAN Controller is used to control various
wireless LAN functions. Cisco Wireless LAN Controller is exposed to
multiple security issues. See reference for further details. Cisco
2000 Series WLC, Cisco 2100 Series WLC, Cisco 2500 Series WLC, Cisco
4100 Series WLC, Cisco 4400 Series WLC, Cisco 5500 Series WLC, Cisco
500 Series Wireless Express Mobility Controllers, Cisco Wireless
Services Modules (WiSM), Cisco Wireless Services Modules version 2
(WiSM version 2), Cisco NME-AIR-WLC Modules for Integrated Services
Routers (ISRs), Cisco NM-AIR-WLC Modules for Integrated Services
Routers (ISRs), Cisco Catalyst 3750G Integrated WLCs and Cisco Flex
7500 Series Cloud Controllers are affected.
Ref:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc
Platform: Hardware
Title: Cisco TelePresence Video Communication Server Session Denial of
Service Vulnerabilities
Description: Cisco TelePresence Video Communication Server (VCS)
provides call control, registration and firewall traversal for
TelePresence and other SIP/H.323 video endpoints. The server is
exposed to multiple denial of service issues when handling specially
crafted Session Initiation Protocol (SIP) packets received on port
5060 or 5061. Cisco TelePresence Video Communication Server versions
prior to X7.0.1 are affected.
Ref:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs
http://www.securityfocus.com/bid/52214/discuss