
Vulnerability Summary - Week 32

Friday, August 5, 2011

Hello World, as the developers say… after some time without publishing security material, here is the vulnerability summary for week 32.

I also want to thank you for the more than 1,000 visits recorded on my blog over the last 3 months, with a contact list of no more than 30 emails, which shows that the consolidated information is of interest… I am now working on a methodology for confronting and quantifying Distributed Denial of Service attacks, better known as DDoS, in light of the large amount of hacktivism present on the net, which puts at risk the operational continuity and reputation of state and private entities. I hope to have this material, in its BETA version, in two more weeks, if work allows.

______________________________________________________________________

            @RISK: The Consensus Security Vulnerability Alert

                             Week 32 2011

______________________________________________________________________

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------- -------------------------------------

Third Party Windows Apps                 4 (#1)
Linux                                    1
Unix                                     1
Cross Platform                           12
Web Application - Cross Site Scripting   3
Web Application                          4
Network Device                           1
Hardware                                 1


****************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: RockWell FactoryTalk Memory Corruption Vulnerability

****************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

-- Third Party Windows Apps
11.32.1 - Ipswitch WhatsUp Gold SNMP Response Denial of Service
11.32.2 - ICQ "MUIMessage.dll" File Transfer Denial of Service
11.32.3 - AzeoTech DAQFactory Denial of Service
11.32.4 - Rockwell Automation FactoryTalk Diagnostics Viewer ".ftd" File Remote Code Execution

-- Linux
11.32.5 - Cisco TelePresence Recording Server Default Root Credentials Authentication Bypass

-- Unix
11.32.6 - SCO UnixWare License Policy Manager Daemon "sco_pmd" Unspecified Denial of Service

-- Cross Platform
11.32.7 - EMC Data Protection Advisor Account Credentials Local Information Disclosure
11.32.8 - HP SiteScope Unspecified Cross-Site Scripting Vulnerability
11.32.9 - HP OpenView Storage Data Protector Denial of Service
11.32.10 - HP Network Automation Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities
11.32.11 - Libsoup SoupServer Directory Traversal
11.32.12 - FlexNet License Server Manager "lmadmin" Component Heap Buffer Overflow Vulnerability
11.32.13 - ManageEngine ServiceDesk Plus Multiple HTML Injection Vulnerabilities
11.32.14 - Sybase Products Multiple Unspecified Vulnerabilities
11.32.15 - IBM Lotus Symphony Multiple Denial of Service Vulnerabilities and Unspecified Vulnerabilities
11.32.16 - ActFax Server "USER" Command Remote Buffer Overflow Vulnerability
11.32.17 - Skype Facebook Plugin Multiple Cross-Site Scripting Vulnerabilities
11.32.18 - Google Chrome Multiple Security Vulnerabilities

-- Web Application - Cross Site Scripting
11.32.19 - Samba SWAT Cross-Site Request Forgery Vulnerability
11.32.20 - SEO Panel Multiple Cross-Site Scripting Vulnerabilities
11.32.21 - Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities

-- Web Application
11.32.22 - MyWebServer dot Character Remote Script File Disclosure
11.32.23 - CFTP Insecure Cookie Authentication Bypass Vulnerability
11.32.24 - Group-Office Command Injection and SQL Injection Vulnerabilities
11.32.25 - ZoneMinder "view" Parameter Local File Include Vulnerability

-- Network Device
11.32.26 - Avaya Secure Access Link Gateway Invalid Domain Servers Information Disclosure Vulnerability

-- Hardware
11.32.27 - Google Search Appliance Unspecified Cross-Site Scripting

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process

*************************************************************

(1) HIGH: RockWell FactoryTalk Memory Corruption Vulnerability
Affected:
Rockwell Automation FactoryTalk Diagnostics Viewer versions 2.10.x (SPR9 SR2) and earlier

Description: Rockwell Automation has released a patch addressing an
unspecified memory corruption vulnerability in its FactoryTalk
Diagnostics Viewer. FactoryTalk is Rockwell's suite of software products
for industrial settings, designed to connect an enterprise with its
manufacturing processes. FactoryTalk Diagnostics logs and makes available
activity, status, warning, and error messages. Details of the
vulnerability are not publicly available, but the attack vector is
known: by enticing a target to open a malicious ".ftd" file, an attacker
can exploit this vulnerability to execute arbitrary code on the target's
machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.rockwellautomation.com
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/48962/

*************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 11938 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________

11.32.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WhatsUp Gold SNMP Response Denial Of Service
Description: Ipswitch WhatsUp Gold is a network monitoring and
management solution. Ipswitch WhatsUp Gold is exposed to a denial of
service issue. Specifically, an attacker can crash the "Discovery
Service" by sending crafted SNMP responses during the discovery process.
Ipswitch WhatsUp Gold versions prior to 14.4.1 are affected.
Ref:
http://docs.ipswitch.com/NM/82_WhatsUp Gold v14.4/01_Release Notes/14.4.1/index.htm
______________________________________________________________________

11.32.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: ICQ "MUIMessage.dll" File Transfer Denial of Service
Description: ICQ is an instant messaging client. ICQ is exposed to a
remote denial of service issue. This issue affects the "MUIMessage.dll"
file and arises when handling specially crafted files received through
the "File Transfer" functionality of the application. ICQ 7.5 is
vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48943/references
______________________________________________________________________

11.32.3 CVE: CVE-2011-2956
Platform: Third Party Windows Apps
Title: AzeoTech DAQFactory Denial of Service
Description: AzeoTech DAQFactory is a data acquisition and control
application. The application is exposed to a denial of service issue
because it fails to perform authentication for certain signals.
Versions prior to DAQFactory 5.85 are affected.
Ref:
http://www.securityfocus.com/bid/48955/discuss
______________________________________________________________________

11.32.4 CVE: CVE-2011-2957
Platform: Third Party Windows Apps
Title: Rockwell Automation FactoryTalk Diagnostics Viewer ".ftd" File
Remote Code Execution
Description: FactoryTalk Diagnostics Viewer is a part of FactoryTalk
Services Platform that provides diagnosis solutions to the products on
the platform. The application is exposed to a remote code execution
issue. This issue occurs because of an unspecified memory corruption
issue which is triggered when processing a specially crafted
configuration (".ftd") file. Versions prior to FactoryTalk
Diagnostics Viewer 2.30.00 are affected.
Ref:
http://www.securityfocus.com/bid/48962/references
______________________________________________________________________

11.32.5 CVE: CVE-2011-2555
Platform: Linux
Title: Cisco TelePresence Recording Server Default Root Credentials
Authentication Bypass
Description: Cisco TelePresence Recording Server is an application for
remote communication. The application is exposed to a remote
authentication bypass issue due to default root credentials. Cisco
TelePresence Recording Server Software Release 1.7.2 is affected.
Ref:
http://www.cisco.com/warp/public/707/cisco-sa-20110729-tp.shtml
______________________________________________________________________

11.32.6 CVE: Not Available
Platform: Unix
Title: SCO UnixWare License Policy Manager Daemon "sco_pmd"
Unspecified Denial of Service
Description: UnixWare is a UNIX operating system maintained by SCO
Group. UnixWare is exposed to a denial of service issue caused
by an unspecified error in the License Policy Manager Daemon
"sco_pmd". UnixWare 7.1.4 is vulnerable and other versions may also be
affected.
Ref:
ftp://ftp.sco.com/pub/unixware7/714/security/p535239a_uw7/p535239a_uw7.txt
______________________________________________________________________

11.32.7 CVE: CVE-2011-1742
Platform: Cross Platform
Title: EMC Data Protection Advisor Account Credentials Local
Information Disclosure
Description: EMC Data Protection Advisor manages data protection
environments. The application is exposed to a local information
disclosure issue. Specifically, this issue occurs because under
certain circumstances, the configuration file of the application
discloses the sensitive account credentials in plain text form.
Versions prior to EMC Data Protection Advisor 5.8.1 are affected.
Ref:
http://www.securityfocus.com/archive/1/519012
______________________________________________________________________

11.32.8 CVE: CVE-2011-2400
Platform: Cross Platform
Title: HP SiteScope Unspecified Cross-Site Scripting Vulnerability
Description: HP SiteScope is an agent-less monitoring application. The
application is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input before using
it in dynamically generated content. HP SiteScope versions 11.x, 10.x,
9.x, and prior are affected.
Ref:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02940969&ac.admitted=1311850160211.876444892.199480143
______________________________________________________________________

11.32.9 CVE: CVE-2011-2399
Platform: Cross Platform
Title: HP OpenView Storage Data Protector Denial of Service
Description: HP OpenView Storage Data Protector is a commercial
data management product for backup and recovery operations. The
application is exposed to a remote denial of service issue.
Specifically, this issue affects the media management daemon
component. HP OpenView Storage Data Protector versions 6.0, 6.10, and
6.11 are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940981
______________________________________________________________________

11.32.10 CVE: CVE-2011-2402,CVE-2011-2403
Platform: Cross Platform
Title: HP Network Automation Unspecified Cross-Site Scripting and SQL
Injection Vulnerabilities
Description: HP Network Automation is an application for managing
network data. The application is exposed to multiple issues. An
unspecified cross-site scripting issue is caused by a failure to properly
sanitize user-supplied input. An SQL injection issue is caused by a failure
to properly sanitize user-supplied input before using it in an
SQL query. HP Network Automation versions 7.2x, 7.5x, 7.6x, 9.0 and
9.10 are affected.
Ref:
http://www.securityfocus.com/archive/1/519054
______________________________________________________________________

11.32.11 CVE: CVE-2011-2524
Platform: Cross Platform
Title: Libsoup SoupServer Directory Traversal
Description: Libsoup is an HTTP client/server library for GNOME. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. The problem affects the
"SoupServer" component and can be exploited by sending a specially
crafted URI request containing directory traversal strings to the
affected server. libsoup 2.4 is vulnerable and other versions may also
be affected.
Ref:
http://www.securityfocus.com/bid/48926/discuss
______________________________________________________________________

11.32.12 CVE: Not Available
Platform: Cross Platform
Title: FlexNet License Server Manager "lmadmin" Component Heap
Buffer Overflow Vulnerability
Description: FlexNet License Server Manager is a license management
application. The application is exposed to a remote heap-based buffer
overflow issue that affects the "lmadmin" component
when handling packets that include opcode 0x2f. Specifically, the
application fails to perform adequate boundary checks on user-supplied
data before copying it into a fixed size buffer. All versions of
FlexNet License Server Manager are affected.
Ref:
http://www.securityfocus.com/archive/1/519060
______________________________________________________________________

11.32.13 CVE: Not Available
Platform: Cross Platform
Title: ManageEngine ServiceDesk Plus Multiple HTML Injection
Vulnerabilities
Description: ManageEngine ServiceDesk Plus is a helpdesk application
that is available for Windows and Linux. The application is exposed to
multiple HTML injection issues because it fails to properly sanitize
user supplied input passed to the following scripts and parameters:
"SetUpWizard.do":"Name", "SiteDef.do":"Site name",
"GroupResourcesDef.do":"Group Name", "LicenseAgreement.do":"Agreement
Number", "ManualNodeAddition.do":"Name". ManageEngine ServiceDesk Plus
8.0 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48928/discuss
______________________________________________________________________

11.32.14 CVE: Not Available
Platform: Cross Platform
Title: Sybase Products Multiple Unspecified Vulnerabilities
Description: Multiple Sybase products are exposed to multiple
unspecified issues. An unspecified error occurs in the Open Server
component when handling Tabular Data Stream packets. An unspecified
error occurs in the Open Server component when handling certain login
packets. Sybase Adaptive Server Enterprise 15, Sybase EAServer 6, Sybase
ECDA 15, Sybase MFC/DC 15, Sybase OpenSwitch 15, Sybase Replication
Server 15 are affected.
Ref:
http://www.sybase.com/detail?id=1094235
______________________________________________________________________

11.32.15 CVE:
CVE-2011-2893,CVE-2011-2888,CVE-2011-2887,CVE-2011-2886,CVE-2011-2885
CVE-2011-2884
Platform: Cross Platform
Title: IBM Lotus Symphony Multiple Denial of Service Vulnerabilities
and Unspecified Vulnerabilities
Description: IBM Lotus Symphony is productivity software that contains
three applications: Lotus Symphony Documents, Lotus Symphony
Spreadsheets, and Lotus Symphony Presentations. IBM Lotus Symphony is
exposed to multiple unspecified issues (CVE-2011-2884) and multiple
denial of service issues (CVE-2011-2885, CVE-2011-2886).
IBM Lotus Symphony 3 versions prior to Fix Pack 3 are affected.
Ref:
http://www.securityfocus.com/bid/48936/references
______________________________________________________________________

11.32.16 CVE: Not Available
Platform: Cross Platform
Title: ActFax Server "USER" Command Remote Buffer Overflow
Vulnerability
Description: ActFax is a fax server for Windows and Unix. The
application is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied data. This
issue occurs when handling a specially crafted "USER" command. ActFax
versions 4.27 and prior are affected.
Ref:
http://www.securityfocus.com/bid/48947/references
______________________________________________________________________

11.32.17 CVE: Not Available
Platform: Cross Platform
Title: Skype Facebook Plugin Multiple Cross-Site Scripting
Vulnerabilities
Description: Skype is peer-to-peer communications software that
supports internet-based voice communications. Skype is exposed to
multiple cross-site scripting issues in the Facebook plugin because
the application fails to sanitize user-supplied input to the "comment"
and "wall posting" fields. Versions prior to Skype 5.5 are affected.
Ref:
http://www.securityfocus.com/bid/48950/references
______________________________________________________________________

11.32.18 CVE:
CVE-2011-2819,CVE-2011-2818,CVE-2011-2805,CVE-2011-2804,CVE-2011-2803
CVE-2011-2802,CVE-2011-2801,CVE-2011-2800,CVE-2011-2799,CVE-2011-2798
CVE-2011-2797,CVE-2011-2796,CVE-2011-2795,CVE-2011-2794,CVE-2011-2793
CVE-2011-2792,CVE-2011-2791,CVE-2011-2790,CVE-2011-2789,CVE-2011-2788
CVE-2011-2787,CVE-2011-2786,CVE-2011-2785,CVE-2011-2784,CVE-2011-2783
CVE-2011-2782,CVE-2011-2361,CVE-2011-2360,CVE-2011-2359,CVE-2011-2358
Platform: Cross Platform
Title: Google Chrome Multiple Security Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms.
The application is exposed to multiple security issues. See reference
for further details. Versions prior to Chrome 13.0.782.107 are affected.
Ref:
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
______________________________________________________________________

11.32.19 CVE: CVE-2011-2522
Platform: Web Application - Cross Site Scripting
Title: Samba SWAT Cross-Site Request Forgery Vulnerability
Description: Samba SWAT (Samba Web Administration Tool) is an
administration tool for Samba. Samba SWAT is exposed to multiple
cross-site request forgery issues. These issues can be exploited by
manipulating the following parameters: "smbd_start", "smbd_stop",
"smbd_restart", "nmbd_start", "nmbd_stop", "nmbd_restart". Samba SWAT
3.0 through 3.5.9 are affected.
Ref:
http://www.samba.org/samba/security/CVE-2011-2522
______________________________________________________________________
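The SWAT entry above has the classic shape of cross-site request forgery: the start/stop/restart actions fire on whatever request carries those parameter names, so a page on another origin can submit them and the victim's browser attaches the administrator's cookies. What follows is an added example, not Samba's code, of the server-side check that closes the gap: a privileged action must arrive by POST and carry a token bound to the caller's session through an HMAC under a secret only the server holds. The action names are the ones listed in the advisory; the secret, the session identifier and the handler function are assumptions for illustration.

```python
import hmac
import hashlib

# Assumption: a random per-deployment secret known only to the server.
SERVER_SECRET = b"constructed-example-secret-change-me"

# The request parameters the advisory names; each one changes daemon state.
PRIVILEGED_ACTIONS = {"smbd_start", "smbd_stop", "smbd_restart",
                      "nmbd_start", "nmbd_stop", "nmbd_restart"}


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive the token from the session so it cannot be guessed from another
    origin and is useless when replayed against a different session."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def authorize_action(method: str, params: dict, session_id: str,
                     secret: bytes = SERVER_SECRET):
    """Return (allowed, reason) for one request.

    A cross-site page can make the victim's browser send cookies, so the session
    alone proves nothing; the token is the extra secret the attacker cannot read.
    Requiring POST also stops a bare <img src=...> from triggering the action.
    """
    requested = sorted(PRIVILEGED_ACTIONS.intersection(params))
    if not requested:
        return True, "no privileged action requested"
    if method.upper() != "POST":
        return False, "privileged action over %s refused" % method
    supplied = params.get("csrf_token", "")
    expected = issue_csrf_token(session_id, secret)
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid csrf_token"
    return True, "allowed: " + ",".join(requested)


if __name__ == "__main__":
    # Constructed requests: the first mimics a forged cross-site submission that
    # rides on the admin's cookie; the second is the genuine form post.
    admin_session = "sess-1234"
    forged = {"smbd_stop": "Stop"}
    genuine = {"smbd_stop": "Stop", "csrf_token": issue_csrf_token(admin_session)}
    print("forged POST: ", authorize_action("POST", forged, admin_session))
    print("genuine POST:", authorize_action("POST", genuine, admin_session))
```

The token is rendered into the legitimate form as a hidden field, so only a page that can read the response (same origin) can submit a request that passes; the forged request from elsewhere has the cookie but not the token.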

11.32.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SEO Panel Multiple Cross-Site Scripting Vulnerabilities
Description: SEO Panel is a search engine optimization tool
implemented in PHP. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input submitted to multiple scripts and parameters. SEO Panel
3.0.0 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48933/references
______________________________________________________________________

11.32.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities
Description: Ecava IntegraXor is web-based HMI/SCADA software. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. Ecava IntegraXor
versions prior to 3.60.4080 are affected.
Ref:
http://www.securityfocus.com/bid/48958/references
______________________________________________________________________

11.32.22 CVE: Not Available
Platform: Web Application
Title: MyWebServer dot Character Remote Script File Disclosure
Description: MyWebServer is a peer-to-peer web, file and application
server. The application is exposed to a file disclosure issue because
it fails to properly sanitize user-supplied input. Specifically, an
attacker can obtain the source code of a script file by appending a dot
(".") or a space (" ") to the filename in an HTTP request. MyWebServer
1.0.3 is vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48921/references
______________________________________________________________________

11.32.23 CVE: Not Available
Platform: Web Application
Title: CFTP Insecure Cookie Authentication Bypass Vulnerability
Description: CFTP is a web-based application implemented in PHP. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Specifically, attackers can gain administrative access
to the application by setting the "access" cookie parameter to "admin"
and "userlevel" cookie parameter to "9". cFTP r80 is vulnerable; other
versions may also be affected.
Ref:
http://www.securityfocus.com/bid/48931/discuss
______________________________________________________________________
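The cFTP bypass is one instance of a broader mistake: reading authorization state (role, level) back out of values the client sends, so the client can simply assert the role it wants. The following added example, not cFTP's code, puts the advisory's vulnerable check beside a hardened one that honours a role claim only when the cookie carries an HMAC computed with a key that never leaves the server. The "access" and "userlevel" cookie names and values come from the advisory; the "session" cookie, its format and the key are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a key generated at install time and kept only on the server.
SERVER_KEY = b"constructed-example-key"


def vulnerable_is_admin(cookies: dict) -> bool:
    """The advisory's flaw in miniature: the role is read straight from values
    the browser sends, so anyone can set access=admin; userlevel=9."""
    return cookies.get("access") == "admin" and cookies.get("userlevel") == "9"


def _mac(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_session_cookie(user: str, userlevel: int) -> str:
    """Built by the server after a successful login: base64(JSON claims).HMAC.
    The claims stay readable by the client but cannot be altered."""
    payload = json.dumps({"user": user, "userlevel": userlevel},
                         sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload)


def verify_session_cookie(value: str):
    """Return the claims dict if the MAC checks out, else None."""
    if "." not in value:
        return None
    encoded, mac = value.rsplit(".", 1)
    try:
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if not hmac.compare_digest(mac, _mac(payload)):
        return None
    return json.loads(payload)  # safe to parse: the server produced it


def hardened_is_admin(cookies: dict) -> bool:
    """Ignore access/userlevel entirely; trust only a claim the server signed."""
    claims = verify_session_cookie(cookies.get("session", ""))
    return bool(claims) and claims.get("userlevel") == 9


if __name__ == "__main__":
    # Constructed cookie jar as an attacker would set it in the browser.
    forged = {"access": "admin", "userlevel": "9"}
    print("vulnerable check:", vulnerable_is_admin(forged))
    print("hardened check:  ", hardened_is_admin(forged))
    print("real admin:      ", hardened_is_admin({"session": issue_session_cookie("alice", 9)}))
```

An opaque session identifier looked up in server-side storage is the other common fix; the signed-cookie form is shown because it keeps the same "level in the cookie" design the advisory describes while removing the client's ability to change it.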

11.32.24 CVE: Not Available
Platform: Web Application
Title: Group-Office Command Injection and SQL Injection
Vulnerabilities
Description: Group-Office is a PHP-based content manager. The
application is exposed to an SQL injection issue and a command
injection issue because it fails to properly sanitize user-supplied
input to unspecified parameters and scripts. Versions prior to
Group-Office 3.7.25 are affected.
Ref:
http://www.securityfocus.com/bid/48941/references
______________________________________________________________________

11.32.25 CVE: Not Available
Platform: Web Application
Title: ZoneMinder "view" Parameter Local File Include Vulnerability
Description: ZoneMinder is a freely available application designed to
control and record video from security cameras. It contains a
web-based administrative application implemented in PHP. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input submitted to the "view"
parameter in the "web/index.php" script. Versions prior to ZoneMinder
1.24.4 are affected.
Ref:
http://www.securityfocus.com/bid/48949/references
______________________________________________________________________
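Three entries in this list fail on the same boundary, a request string turned into a filesystem path: libsoup's SoupServer (11.32.11) and ZoneMinder's "view" parameter (11.32.25) let traversal strings climb out of the intended directory, and MyWebServer (11.32.22) lets a trailing "." or space produce a name that the filesystem resolves to the same file but that the server no longer matches to its script handler, so it serves the source. This added example, not the code of any of those projects, shows a resolver that rejects both tricks, plus an allowlist for an include-style "view" parameter beside the vulnerable concatenation it replaces. The document root, the view directory, the view names and the ".php" suffix are assumptions for illustration.

```python
import posixpath
import urllib.parse

DOC_ROOT = "/srv/www"              # assumption: web document root
VIEW_DIR = "/srv/www/views"        # assumption: directory holding per-view scripts
ALLOWED_VIEWS = {"console", "events", "montage"}   # assumption: the only legal views


def resolve_request_path(url_path: str, doc_root: str = DOC_ROOT):
    """Map a URL path to a file under doc_root; return None for anything suspect.

    Rejects: NUL bytes, any '..' segment after a single percent-decode (so
    '..%2f..%2f' is caught), and a final segment ending in '.' or ' ', which
    Windows filesystems map back to the real name ('index.php.' opens
    'index.php') while an extension-keyed handler table no longer matches it.
    Decoding happens exactly once; decoding again here would reopen the hole.
    """
    decoded = urllib.parse.unquote(url_path)
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators too, then drop empty and '.' segments.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    if any(s == ".." for s in segments):
        return None
    if segments and segments[-1] != segments[-1].rstrip(". "):
        return None
    candidate = posixpath.join(doc_root, *segments)
    # Belt and braces: the result must still lie under the document root.
    if candidate != doc_root and not candidate.startswith(doc_root + "/"):
        return None
    return candidate


def vulnerable_view_path(view: str) -> str:
    """The shape of the bug: the parameter is concatenated into an include path,
    so '../../etc/passwd' walks out of VIEW_DIR."""
    return posixpath.join(VIEW_DIR, view + ".php")


def safe_view_path(view: str):
    """Allowlist the parameter; request data never takes part in path building."""
    if view not in ALLOWED_VIEWS:
        return None
    return posixpath.join(VIEW_DIR, view + ".php")


if __name__ == "__main__":
    for p in ("/index.php", "/index.php.", "/index.php%20", "/../../etc/passwd",
              "/static/..%2f..%2fetc/passwd"):
        print(p, "->", resolve_request_path(p))
    print("view=../../etc/passwd ->", vulnerable_view_path("../../etc/passwd"),
          "| allowlisted:", safe_view_path("../../etc/passwd"))
```

The resolver refuses rather than clamps: a request containing ".." is almost never legitimate, and silently normalising it hides probing from the logs. For the include case an allowlist is preferable to sanitising, because the set of legal views is small and known.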

11.32.26 CVE: Not Available
Platform: Network Device
Title: Avaya Secure Access Link Gateway Invalid Domain Servers
Information Disclosure Vulnerability
Description: Avaya Secure Access Link is a gateway that provides
security solutions for remote access management. The application is
exposed to an information disclosure issue. Specifically, by default
the application incorrectly points the Secondary Core Server URL and
the Remote Server URL to "secavaya.com" and "secaxeda.com"
respectively; these domains are invalid. This can result in the
application sending sensitive information such as alarms or logs to
email addresses at these invalid domains. Secure Access Link 1.5, 1.8,
and 2.0 are affected.
Ref:
http://support.avaya.com/css/P8/documents/100140483
______________________________________________________________________

11.32.27 CVE: CVE-2011-1339
Platform: Hardware
Title: Google Search Appliance Unspecified Cross-Site Scripting
Description: Google Search Appliance is a commercial search device
produced by Google. Google Search Appliance is exposed to a cross-site
scripting issue because it fails to properly sanitize certain
unspecified user-supplied input. Versions prior to
Google Search Appliance 5.0 are affected.
Ref:
http://www.securityfocus.com/bid/48957/discuss
______________________________________________________________________
