
Vulnerability Summary - Week 30

Thursday, July 21, 2011

______________________________________________________________________

@RISK: The Consensus Security Vulnerability Alert

Week 30 2011

______________________________________________________________________

Summary of Updates and Vulnerabilities in this Consensus

Platform                              Number of Updates and Vulnerabilities
------------------------------        -------------------------------------
Third Party Windows Apps              3
Linux                                 1
Solaris                               1
Cross Platform                        14 (#1,#2,#3)
Web Application - SQL Injection       2
Web Application                       4
Network Device                        1
Hardware                              1

****************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com) Widely Deployed Software

(1) HIGH: Oracle Multiple Products Multiple Vulnerabilities
(2) HIGH: Apple iOS Multiple Vulnerabilities
(3) MEDIUM: Citrix Access Gateway ActiveX Component Stack Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

-- Third Party Windows Apps
11.30.1  - Citrix Access Gateway Plug-in ActiveX Control Multiple Unspecified Vulnerabilities
11.30.2  - Dell OpenManage IT Assistant Information Disclosure
11.30.3  - Google Picasa JPEG Image Processing Remote Code Execution Vulnerability

-- Linux
11.30.4  - JBoss Seam Expression Language Remote Code Execution Vulnerability

-- Solaris
11.30.5  - Oracle Sun Solaris Multiple Vulnerabilities

-- Cross Platform
11.30.6  - BlackBerry Enterprise Server Administration API Information Disclosure Vulnerability
11.30.7  - VLC Media Player ".RM" and ".AVI" Files Multiple Remote Heap Buffer Overflow Vulnerabilities
11.30.8  - Check Point Provider-1 Unspecified Local Security Vulnerability
11.30.9  - Apache Tomcat "sendfile" Request Attributes Information Disclosure
11.30.10 - Foomatic "foomatic-rip" Command Injection Vulnerability
11.30.11 - Mozilla Firefox and Thunderbird CRLF Injection Vulnerability
11.30.12 - IBM WebSphere Application Server Administration Console Local Information Disclosure Vulnerability
11.30.13 - Fglrx "xauth secret" Cookie Information Disclosure
11.30.14 - Oracle Enterprise Manager Grid Control Multiple Vulnerabilities
11.30.15 - Oracle Application Server XML Developer Kit Remote Security Vulnerability
11.30.16 - Oracle Fusion Middleware Multiple Vulnerabilities
11.30.17 - Oracle VM VirtualBox Multiple Local Vulnerabilities
11.30.18 - Oracle Database Server Multiple Vulnerabilities
11.30.19 - Oracle PeopleSoft Multiple Vulnerabilities

-- Web Application - SQL Injection
11.30.20 - LiteRadius "locator.php" Multiple SQL Injection Vulnerabilities
11.30.21 - MapServer Multiple SQL Injection Vulnerabilities

-- Web Application
11.30.22 - Trend Micro Control Manager "module" Parameter Directory Traversal Vulnerability
11.30.23 - Chyrp Multiple Input Validation Vulnerabilities
11.30.24 - EMC Documentum eRoom Indexing Server HummingBird Connector Remote Buffer Overflow Vulnerability
11.30.25 - Support Incident Tracker Multiple Unspecified Vulnerabilities

-- Network Device
11.30.26 - Iskratel SI2000 Callisto 821+ Multiple Security Vulnerabilities

-- Hardware
11.30.27 - HP Arcsight Connector Appliance Cross-Site Scripting Vulnerability
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

______________________________________________________________________

(1) HIGH: Oracle Multiple Products Multiple Vulnerabilities
Affected:
Oracle Secure Backup
Oracle Fusion Middleware

Description: Oracle has released patches for multiple vulnerabilities affecting its products. Oracle Secure Backup, which provides centralized tape backup management for heterogeneous servers, has been patched to address an unspecified remote vulnerability in Oracle Secure Backup that can be exploited over the HTTP protocol. An unauthenticated attacker can exploit this vulnerability in order to completely violate the integrity of a target Windows system. This vulnerability is less severe on Linux, Unix, and other platforms. Oracle has also released a patch for Fusion Middleware, a platform for applications that runs on multiple operating systems. Oracle JRockit, which is Oracle's JVM (Java Virtual Machine) embedded into Fusion Middleware, was susceptible to an unspecified vulnerability. An unauthenticated remote attacker can exploit this vulnerability in order to completely violate the integrity of a target system.

Status: vendor confirmed, updates available

References:
Vendor Site
Oracle Critical Patch Advisory
SecurityFocus BugTraq ID

*************************************************************

(2) HIGH: Apple iOS Multiple Vulnerabilities
Affected:
Apple iOS prior to 4.2.9
Apple iOS prior to 4.3.4

Description: Apple has released patches for multiple vulnerabilities affecting components of its iOS operating system for mobile devices. The issues include two CoreGraphics vulnerabilities that could be triggered when opening a malicious PDF. The first exists because of a buffer overflow in the component of FreeType responsible for handling TrueType fonts. The second involves an unspecified signedness issue. By enticing a target to open a malicious PDF, an attacker can exploit these vulnerabilities in order to execute arbitrary code on the target's machine.

Status: vendor confirmed, updates available

References:
Vendor Site
Apple Security Advisories
SecurityFocus BugTraq ID

************************************************************

(3) MEDIUM: Citrix Access Gateway ActiveX Component Stack Buffer Overflow
Affected:
Citrix Access Gateway 8.1 prior to 8.1-67.7
Citrix Access Gateway 9.0 prior to 9.0-70.5
Citrix Access Gateway 9.1 prior to 9.1-96.4

Description: Citrix has released patches for Access Gateway, a system that provides remote access to applications via VPN over SSL, addressing a stack buffer overflow vulnerability in the ActiveX component installed on endpoint systems. The vulnerable ActiveX control does not properly handle HTTP header data sent from a Citrix server. By enticing a target to view a malicious site, an attacker can exploit this vulnerability in order to execute arbitrary code on the target's machine in the context of the currently logged-in user.

Status: vendor confirmed, updates available

References:
Vendor Site
Citrix Security Advisory
iDefense Public Advisories

*************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 11784 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________

11.30.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Citrix Access Gateway Plug-in ActiveX Control Multiple Unspecified Vulnerabilities
Description: The Citrix Access Gateway Plug-in is client software for Windows. The application is exposed to multiple unspecified remote code execution issues. Citrix Access Gateway Plug-in versions prior to 8.1-67.7, 9.0-70.5 and 9.1-96.4 are vulnerable and other versions may also be affected.
______________________________________________________________________

11.30.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Dell OpenManage IT Assistant Information Disclosure
Description: Dell OpenManage IT Assistant provides solutions for centralized management of computer systems. Dell OpenManage IT Assistant "detectIESettingsForITA.OCX" ActiveX control is exposed to a remote information disclosure issue. Specifically, this issue occurs because of an insecure "readRegVal()" method which allows attackers to disclose registry values by querying it. The affected control is identified by CLSID: 6286EF1A-B56E-48EF-90C3-743410657F3C. Dell OpenManage IT Assistant 8.9.0 is affected.
______________________________________________________________________

11.30.3 CVE: CVE-2011-2747
Platform: Third Party Windows Apps
Title: Google Picasa JPEG Image Processing Remote Code Execution Vulnerability
Description: Google Picasa is a graphics application available for Microsoft Windows. Google Picasa is exposed to a remote code execution issue while processing JPEG image files. Google Picasa 3.6 Build 105.61 is affected.
______________________________________________________________________

11.30.4 CVE: CVE-2011-2196
Platform: Linux
Title: JBoss Seam Expression Language Remote Code Execution Vulnerability
Description: JBoss Seam is a framework for developing Web 2.0 applications. JBoss Seam is exposed to a remote code execution issue because it fails to properly restrict access to JBoss Expression Language constructs during page exception handling. JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0 are affected.
Ref:
______________________________________________________________________

11.30.5 CVE:
CVE-2011-2295,CVE-2011-2293,CVE-2011-2258,CVE-2011-2289,CVE-2011-2296,
CVE-2011-2294,CVE-2011-2249,CVE-2011-2290,CVE-2011-2259,CVE-2011-2298,
CVE-2011-2291,CVE-2011-2285,CVE-2011-2287,CVE-2011-2245
Platform: Solaris
Title: Oracle Sun Solaris Multiple Vulnerabilities
Description: Oracle Sun Solaris is exposed to multiple issues. Multiple local issues affect the "Driver/USB", "Zones", "rksh", "LiveUpgrade", "Kernel/SCTP", "Kernel/sockfs", "UFS", "Trusted Extensions" and "Installer" sub-components. Multiple remote issues affect the "SSH", "TCP/IP", "KSSL" and "fingerd" sub-components. Solaris 8, 9, 10 and 11 Express are affected.
Ref:
______________________________________________________________________

11.30.6 CVE: CVE-2011-0287
Platform: Cross Platform
Title: BlackBerry Enterprise Server Administration API Information Disclosure Vulnerability
Description: Blackberry Enterprise Server is communications middleware for Research In Motion Blackberry devices. BlackBerry Enterprise Server is exposed to an information disclosure issue. This issue affects the Administration API. BlackBerry Enterprise Server software 5.0.1 through 5.0.3 and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3 are affected.
Ref:
______________________________________________________________________

11.30.7 CVE: CVE-2011-2588,CVE-2011-2587
Platform: Cross Platform
Title: VLC Media Player ".RM" and ".AVI" Files Multiple Remote Heap Buffer Overflow Vulnerabilities
Description: VLC is a cross-platform media player. The application is exposed to multiple heap-based buffer overflow issues. A heap-based buffer overflow occurs because of an integer overflow error when parsing a RealAudio data block in RealMedia files. A heap-based buffer overflow occurs because of an integer underflow error when parsing a "strf" chunk in AVI files. VLC media player versions 0.5.0 through 1.1.10 are vulnerable and other versions may also be affected.
______________________________________________________________________

11.30.8 CVE: CVE-2011-2664
Platform: Cross Platform
Title: Check Point Provider-1 Unspecified Local Security Vulnerability
Description: Check Point Provider-1 provides a multi-domain management solution. The application is exposed to an unspecified security issue which occurs during installation on non-Windows systems. Check Point NGX R65, R70, R71, R75 are affected.
Ref:
______________________________________________________________________

11.30.9 CVE: CVE-2011-2526
Platform: Cross Platform
Title: Apache Tomcat "sendfile" Request Attributes Information Disclosure
Description: Apache Tomcat is a Java-based web server application for multiple operating systems. The application is exposed to a remote information disclosure issue. Specifically, "sendfile" is used automatically to serve content through the "DefaultServlet", and web applications may use it by setting request attributes. The request attributes are not properly validated, which allows a specially crafted web application to return files that would normally be protected by a Security Manager. Tomcat versions 5.5.0 through 5.5.33, 6.0.0 through 6.0.32 and 7.0.0 through 7.0.18 are affected.
______________________________________________________________________

11.30.10 CVE: Not Available
Platform: Cross Platform
Title: Foomatic "foomatic-rip" Command Injection Vulnerability
Description: Foomatic is a database driven system for integrating various print spoolers with available printer drivers. Foomatic is exposed to a command injection issue because it fails to adequately sanitize user-supplied input. Specifically, the issue affects the "foomatic-rip" utility because it allows users to provide crafted PPD files using the "-p" parameter. Foomatic 4.0.6 is vulnerable and other versions may also be affected.
______________________________________________________________________

11.30.11 CVE: CVE-2011-2605
Platform: Cross Platform
Title: Mozilla Firefox and Thunderbird CRLF Injection Vulnerability
Description: Firefox is a browser. Thunderbird is an email client. Both applications are available for multiple platforms. Mozilla Firefox and Thunderbird are exposed to a CRLF injection issue in the "netwerk/cookie/nsCookieService.cpp" source file. Multiple cookies may be set with the "document.cookie" API. Mozilla Thunderbird versions prior to 3.1.11 and Mozilla Firefox versions prior to 3.6.18 are affected.
______________________________________________________________________

11.30.12 CVE: CVE-2011-1356
Platform: Cross Platform
Title: IBM WebSphere Application Server Administration Console Local Information Disclosure Vulnerability
Description: IBM WebSphere Application Server for z/OS is an application server used for service oriented architecture. The application is exposed to a local information disclosure issue affecting the administrative console. IBM WebSphere Application Server 6.1 and 7.0 are vulnerable and other versions may also be affected.
______________________________________________________________________

11.30.13 CVE: Not Available
Platform: Cross Platform
Title: Fglrx "xauth secret" Cookie Information Disclosure
Description: Fglrx is a driver for AMD/ATI based chipsets for Linux and Windows. The application is exposed to an information disclosure issue. Specifically, the issue occurs due to improper handling of the "xauth secret" cookie. Fglrx 1:11-3-1 is vulnerable and other versions may also be affected.
______________________________________________________________________

11.30.14 CVE: CVE-2011-0848,CVE-2011-0875,CVE-2011-0816,CVE-2011-0845
Platform: Cross Platform
Title: Oracle Enterprise Manager Grid Control Multiple Vulnerabilities
Description: Oracle Enterprise Manager Grid Control is exposed to multiple issues. A remote issue in Security Framework can be exploited over the "HTTP" protocol; the "User Model" sub-component is affected. A remote issue in EMCTL can be exploited over the "HTTP" protocol. A remote issue in CMDB Metadata & Instance APIs can be exploited over the "Oracle NET" protocol. A remote vulnerability in Database Control can be exploited over the "HTTP" protocol. Oracle Enterprise Manager Grid Control versions 10.1.0.5, 10.2.0.3, 10.1.0.6, 10.2.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1 and 11.2.0.2 are affected.
Ref:
______________________________________________________________________

11.30.15 CVE: CVE-2011-2232
Platform: Cross Platform
Title: Oracle Application Server XML Developer Kit Remote Security Vulnerability
Description: Oracle Application Server is exposed to a remote issue in the XML Developer Kit. The issue can be exploited over different protocols. For an exploit to succeed, the attacker must have "Authenticated session" privileges. Oracle Application Server 10g Release 3, version 10.1.3.5.0, and Oracle Application Server 10g Release 2, version 10.1.2.3.0, are affected.
Ref:
______________________________________________________________________

11.30.16 CVE: CVE-2011-0883,CVE-2011-0884,CVE-2011-2241,CVE-2011-2264
Platform: Cross Platform
Title: Oracle Fusion Middleware Multiple Vulnerabilities
Description: Oracle Fusion Middleware is exposed to multiple issues. A remote issue in Oracle Containers for J2EE can be exploited over the "HTTP" protocol; the "Servlet Runtime in OC4J" sub-component is affected. A remote issue in Oracle BPEL Process Manager can be exploited over the "HTTP" protocol; the "BPEL Console" sub-component is affected. A remote issue in Oracle Business Intelligence Enterprise Edition can be exploited over the "TCP/IP" protocol; the "Analytics Server" sub-component is affected. A local issue in Oracle Outside In Technology can be exploited over the "Local" protocol; the "Outside In Filters" sub-component is affected. Oracle Fusion Middleware versions 8.3.2.0, 8.3.5.0, 10.1.2.3, 10.1.3.5, 10.1.4.0.1, 10.1.4.3, 10.1.3.4.1 and 11.1.1.3 are affected.
______________________________________________________________________

11.30.17 CVE: CVE-2011-2300, CVE-2011-2305
Platform: Cross Platform
Title: Oracle VM VirtualBox Multiple Local Vulnerabilities
Description: Oracle VM VirtualBox is an x86 virtualization software package. The application is exposed to multiple local issues that affect the "Guest Additions for Windows" sub-component and the "All packages" sub-component. Oracle VM VirtualBox 3.0, 3.1, 3.2 and 4.0 are affected.
Ref:
______________________________________________________________________

11.30.18 CVE:
CVE-2011-2239,CVE-2011-2231,CVE-2011-2242,CVE-2011-0877,CVE-2011-0811,
CVE-2011-2238,CVE-2011-0879,CVE-2011-0831,CVE-2011-0830,CVE-2011-0876,
CVE-2011-2243,CVE-2011-0881,CVE-2011-2257,CVE-2011-2230,CVE-2011-0880,
CVE-2011-0832,CVE-2011-2244,CVE-2011-0835,CVE-2011-0882,CVE-2011-0852,
CVE-2011-2253,CVE-2011-0838,CVE-2011-2240
Platform: Cross Platform
Title: Oracle Database Server Multiple Vulnerabilities
Description: Oracle Database Server is exposed to multiple issues that affect multiple sub-components. Please refer to the Reference for details. Oracle Database 11g Release 2, versions 11.2.0.1 and 11.2.0.2; Oracle Database 11g Release 1, version 11.1.0.7; Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 and 10.2.0.5; and Oracle Database 10g Release 1, version 10.1.0.5, are affected.
Ref:
______________________________________________________________________

11.30.19 CVE:
CVE-2011-2277,CVE-2011-2284,CVE-2011-2275,CVE-2011-2281,CVE-2011-2279,
CVE-2011-2272,CVE-2011-2280,CVE-2011-2282,CVE-2011-2274,CVE-2011-2250,
CVE-2011-2283,CVE-2011-2278
Platform: Cross Platform
Title: Oracle PeopleSoft Multiple Vulnerabilities
Description: Oracle PeopleSoft is exposed to multiple issues that affect the "Purchasing", "ePerformance", "Global Payroll Core", "Talent Acquisition Manager", "eProcurement", "Receivables" and "Payables" sub-components over the "HTTP(s)" and "Proprietary" protocols. PeopleSoft Enterprise FIN, versions 9.0 and 9.1; Enterprise FMS, versions 9.0 and 9.1; Enterprise FSCM, versions 9.0 and 9.1; Enterprise HRMS, versions 8.9, 9.0 and 9.1; Enterprise SCM, versions 9.0 and 9.1; and Enterprise PeopleTools, versions 8.49, 8.50 and 8.51 are affected.
Ref:
______________________________________________________________________

11.30.20 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LiteRadius "locator.php" Multiple SQL Injection Vulnerabilities
Description: LiteRadius is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input submitted to the "lat" and "long" parameters of the "locator.php" script before using it in an SQL query. LiteRadius versions 3.2 and prior are affected.
______________________________________________________________________

11.30.21 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MapServer Multiple SQL Injection Vulnerabilities
Description: MapServer is a development environment for building spatially enabled Internet applications. The application is available for various platforms. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data in Open Geospatial Consortium filter encoding within Web Map Server (WMS), Web Feature Service, Sensor Observation Service and WMS time support. MapServer versions 6.x prior to 6.0.1, 5.x prior to 5.6.7 and 4.x prior to 4.10.7 are affected.
Ref:
______________________________________________________________________

11.30.22 CVE: Not Available
Platform: Web Application
Title: Trend Micro Control Manager "module" Parameter Directory Traversal Vulnerability
Description: Trend Micro Control Manager is a web-based management console. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input submitted to the "module" parameter of the "WebApp/widget/proxy_request.php" script when the "sid" parameter is set to "undefined", and the "serverid", "SORTFIELD", "SELECTION", and "WID" parameters are set. Trend Micro Control Manager 5.5 Build 1250 is vulnerable; other versions may also be affected.
______________________________________________________________________

11.30.23 CVE: CVE-2011-2743,CVE-2011-2744
Platform: Web Application
Title: Chyrp Multiple Input Validation Vulnerabilities
Description: Chyrp is a PHP-based blogging engine. The application is exposed to multiple input validation issues. Multiple cross-site scripting issues occur. A local file include issue affects the "action" parameter of the "index.php" script. A directory traversal issue affects the "file" parameter of the "includes/lib/gz.php" script. An issue occurs because the application fails to sufficiently sanitize file extensions before uploading files to the web server through the "modules/swfupload/upload_handler.php" script. Chyrp 2.1 and prior are affected.
______________________________________________________________________

11.30.24 CVE: CVE-2011-1741
Platform: Web Application
Title: EMC Documentum eRoom Indexing Server HummingBird Connector Remote Buffer Overflow Vulnerability
Description: EMC Documentum eRoom is a web-based collaboration application. EMC Documentum eRoom is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue affects the HummingBird client connector ("ftserver.exe") of the application's indexing server. EMC Documentum eRoom versions 7.4.x are affected.
______________________________________________________________________

11.30.25 CVE: Not Available
Platform: Web Application
Title: Support Incident Tracker Multiple Unspecified Vulnerabilities
Description: Support Incident Tracker is a web-based application implemented in PHP. Support Incident Tracker is exposed to multiple unspecified vulnerabilities. Support Incident Tracker versions prior to 3.64 are affected.
______________________________________________________________________

11.30.26 CVE: Not Available
Platform: Network Device
Title: Iskratel SI2000 Callisto 821+ Multiple Security Vulnerabilities
Description: The Iskratel SI2000 Callisto 821+ is a router. The device is exposed to multiple issues. A cross-site request-forgery issue exists because the device allows users to clear event logs through the "event_log_selection.html" script. A cross-site scripting issue affects the "events.html" script. Multiple HTML-injection issues exist because the device fails to sanitize user-supplied input passed to the following parameters of the "events.html" script: "EmWeb_ns:vim:2.", "EmWeb_ns:vim:7.", "EmWeb_ns:vim:11.", "EmWeb_ns:vim:12.", "EmWeb_ns:vim:13.", "EmWeb_ns:vim:14.", "EmWeb_ns:vim:15.". Iskratel SI2000 Callisto 821+ is affected.
______________________________________________________________________

11.30.27 CVE: CVE-2011-0770
Platform: Hardware
Title: HP Arcsight Connector Appliance Cross-Site Scripting Vulnerability
Description: HP Arcsight Connector Appliance is an event logging device. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "Windows Event Log Connector" component. HP Arcsight Connector Appliance versions prior to 6.1 are affected.
______________________________________________________________________
