Bulletin (SB09-285)
Vulnerability Summary for the Week of October 5, 2009
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| emc -- captiva_pixtools_distributed_imaging | Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwrite arbitrary files via the (1) SetLogFileName and (2) WriteToLog methods. | 2009-10-06 | 9.3 | CVE-2009-3573 XF VUPEN MISC BID SECUNIA |
| hp -- hp-ux | Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. | 2009-10-05 | 7.8 | CVE-2009-2679 BID HP HP |
| openoffice -- openoffice.org | Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 2009-10-06 | 9.3 | CVE-2009-3569 SECTRACK BID MISC |
| openoffice -- openoffice.org | Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 2009-10-06 | 10.0 | CVE-2009-3570 SECTRACK BID MISC |
| openoffice -- openoffice.org | Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 2009-10-06 | 9.3 | CVE-2009-3571 SECTRACK BID MISC |
| tatsuhiro_tsujikawa -- aria2 | Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | 2009-10-07 | 10.0 | CVE-2009-3575 CONFIRM BID MANDRIVA |
| tony_million -- tuniac | Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow. | 2009-10-06 | 9.3 | CVE-2009-3574 MILW0RM |
| vspanel -- vs_panel | SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. | 2009-10-08 | 7.5 | CVE-2009-3590 XF BID MILW0RM SECUNIA |
| xen -- xen | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | 2009-10-05 | 7.2 | CVE-2009-3525 CONFIRM CONFIRM MLIST |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| datawizard -- ftpxq_server | DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | 2009-10-05 | 4.0 | CVE-2009-3545 VUPEN |
| dave_reid -- commentrss; gabor_hojtsy -- commentrss | Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | 2009-10-06 | 5.0 | CVE-2009-3568 CONFIRM CONFIRM CONFIRM |
| digitaldesign -- ddcms | Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd. | 2009-10-08 | 5.0 | CVE-2009-3597 XF MILW0RM |
| freebsd -- freebsd | Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | 2009-10-06 | 6.9 | CVE-2009-3527 SECTRACK BID FREEBSD |
| inotify -- incron | incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | 2009-10-08 | 4.6 | CVE-2009-3589 CONFIRM |
| kayako -- esupport; kayako -- supportsuite | Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | 2009-10-06 | 4.3 | CVE-2009-3567 CONFIRM |
| mortbay -- jetty | Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/. | 2009-10-07 | 4.3 | CVE-2009-3579 BUGTRAQ MISC |
| openbsd -- openbsd | OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | 2009-10-06 | 4.9 | CVE-2009-3572 BID OPENBSD OPENBSD OPENBSD MLIST |
| reductivelabs -- puppet | puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. | 2009-10-06 | 4.7 | CVE-2009-3564 MISC |
| samba -- samba | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. | 2009-10-07 | 4.0 | CVE-2009-2906 FEDORA FEDORA VUPEN UBUNTU BID SLACKWARE |
| xerver -- xerver | Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | 2009-10-05 | 5.0 | CVE-2009-3544 MILW0RM SECUNIA OSVDB |
| xerver -- xerver | Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | 2009-10-05 | 5.0 | CVE-2009-3561 MILW0RM |
Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| samba -- samba | mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. | 2009-10-07 | 1.9 | CVE-2009-2948 FEDORA FEDORA UBUNTU SECTRACK BID CONFIRM SLACKWARE |
| xerver -- xerver | Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | 2009-10-05 | 2.6 | CVE-2009-3562 BID MILW0RM SECUNIA |