Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes made there are reflected immediately, in particular which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 11 / 2011

System: Several
Topic: Vulnerability in Adobe Flex SDK
Links: APSB11-25, CVE-2011-2461, X-Force #71580
ID: ae-201111-084

An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on the Windows, Macintosh and Linux operating systems. This vulnerability could lead to cross-site scripting (XSS) issues in Flex applications. Adobe recommends users of the Adobe Flex SDK 4.5.1 and earlier 4.x versions, and the Adobe Flex SDK 3.6 and earlier 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files.

System: Debian GNU/Linux
Topic: Vulnerabilities in cups and clearsilver
Links: DSA-2354, CVE-2011-2896, CVE-2011-3170, ESB-2011.1183,
DSA-2355, CVE-2011-4357, ESB-2011.1184
ID: ae-201111-083

Missing input sanitising in the GIF decoder inside the Cups printing system could lead to Denial-of-Service (DoS) or potentially arbitrary code execution through crafted GIF files. A format string vulnerability in the Python bindings for the Clearsilver HTML template system may lead to Denial-of-Service or the execution of arbitrary code.
Updated packages are available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Kernel
Links: RHSA-2011-1479, ESB-2011.1181
ID: ae-201111-082

Updated kernel packages that fix multiple security issues, several bugs and one enhancement are now available for Red Hat Enterprise Linux 5. Exploiting the vulnerabilities might lead to increased privileges, access to confidential data and a Denial-of-Service (DoS).

System: Mandriva Linux
Topic: Vulnerabilities in glibc
Links: MDVSA-2011:178, CVE-2011-0536, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1659, CVE-2011-2438
ID: ae-201111-081

Multiple vulnerabilities have been found in glibc. Exploiting them might allow local users to increase their privileges. Furthermore, a Denial-of-Service (DoS) is possible, as well as unauthorized changes to environment variables or the disclosure of password hashes.
Updated packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.5.0-ibm
Links: RHSA-2011-1478, CVE-2011-3556, CVE-2011-3554, CVE-2011-3552, CVE-2011-3549, CVE-2011-3548, CVE-2011-3547, CVE-2011-3545, ESB-2011.1180
ID: ae-201111-080

Updated java-1.5.0-ibm packages that fix several vulnerabilities are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5 and 6.

System: Debian GNU/Linux
Topic: Vulnerability in ldns
Links: dsa-2353, CVE-2011-3581, ESB-2011.1179
ID: ae-201111-079

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 may allow remote attackers to execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. New updates are available to fix this issue.

System: IBM AIX
Topic: Vulnerability in Perl
Links: IBM, CVE-2011-3597, ESB-2011.1178
ID: ae-201111-078

Perl is a free software scripting language interpreter. The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code. Remote attackers can exploit this issue to run arbitrary code in the context of the affected application. IBM has provided patches to resolve this issue.

System: HP-UX
Topic: Multiple vulnerabilities in Tomcat Servlet Engine
Links: HPSBUX02725, SSRT100627, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, ESB-2011.1177
ID: ae-201111-077

Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow Cross-Site Scripting (XSS), gain unauthorized access, or create a Denial-of-Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. HP has published software updates to resolve this issue.

System: SuSE Linux
Topic: Vulnerabilities in NetworkManager, wpa_supplicant, NetworkManager-gnome
Links: SUSE-SA:2011:045, CVE-2006-7246, ESB-2011.1176
ID: ae-201111-076

When 802.11X authentication is used, NetworkManager doesn't pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by the same CA as used in the original network. If password-based authentication is used (e.g. via PEAP or EAP-TTLS), this means an attacker could sniff and potentially crack the password hashes of the victims. Updated packages are available now.

System: Several
Topic: Vulnerability in HP Operations Agent and Performance Agent
Links: HPSBMU02726, SSRT100685, CVE-2011-4160, ESB-2011.1174
ID: ae-201111-075

A potential security vulnerability has been identified with HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris. The vulnerability could be locally exploited to gain unauthorized access to a directory. HP has made patches available to resolve this vulnerability.

System: Red Hat Enterprise Linux 6
Topic: Vulnerabilities in Kernel
Links: RHSA-2011-1465, ESB-2011.1173
ID: ae-201111-074

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. This update is rated as important since some of the vulnerabilities can be exploited remotely.

System: Debian GNU/Linux
Topic: Vulnerability in puppet
Links: DSA-2352, CVE-2011-3872, PuppetLabs, ESB-2011.1172
ID: ae-201111-073

It was discovered that Puppet, a centralized configuration management solution, misgenerates certificates if the "certdnsnames" option is used. This could lead to man-in-the-middle attacks. Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in wireshark
Links: DSA-2351, CVE-2010-4102, ESB-2011.1171
ID: ae-201111-072

Wireshark is a tool for analyzing networks. A buffer overflow has been discovered in Wireshark's ERF dissector. This could lead to the execution of arbitrary code. Updated packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in freetype2
Links: MDVSA-2011:177, CVE-2011-3439
ID: ae-201111-071

FreeType is a free and portable font engine that can open and manage font files. Multiple input validation flaws were found in the way FreeType processes CID-keyed fonts. If a specially-crafted font file is loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Updated packages are available now.

System: SuSE Linux
Topic: Vulnerabilities in wireshark and firefox
Links: SUSE-SU-2011:1262, CVE-2011-2597, CVE-2011-3266, ESB-2011.1169,
SUSE-SU-2011:1266, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, ESB-2011.1170
ID: ae-201111-070

A wireshark version upgrade to 1.4.10 has been published. It fixes various security flaws and other non-security issues. Exploiting them might lead to a Denial-of-Service. Updated firefox packages that fix multiple security issues are now available for SUSE Linux Enterprise Server 10 SP4 and Desktop.

System: Microsoft Windows
Topic: Vulnerability in VMware vCenter Update Manager
Links: VMSA-2011-0014, CVE-2011-4404, ESB-2011.1168
ID: ae-201111-069

VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server which is a third party component. The way the Jetty Web Server in vSphere Update Manager is configured allows for directory traversal. This issue is a variant of the directory traversal issue that was addressed in earlier versions of vSphere Update Manager. A configuration update solves this issue.

System: Debian GNU/Linux
Topic: Vulnerabilities in systemtap and freetype
Links: DSA-2348, CVE-2010-4170, CVE-2010-4171, CVE-2011-2503, ESB-2011.1166,
DSA-2350, CVE-2011-3439, ESB-2011.1165
ID: ae-201111-068

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux. Exploiting them might allow privilege escalation through a race condition. The same can be achieved by modifying the environment variables in staprun. Furthermore, a Denial-of-Service is possible due to insufficient validation of module unloading.
FreeType is a free and portable font engine that can open and manage font files. Multiple input validation flaws were found in the way FreeType processes CID-keyed fonts. If a specially-crafted font file is loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Updated packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in SPIP
Links: DSA-2349, X-Force #71360, X-Force #71361, ESB-2011.1167
ID: ae-201111-067

Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting. Updated packages are available now.

System: NetBSD
Topic: Vulnerability in LZW decoding loop
Links: NetBSD-SA2011-007, CVE-2011-2895
ID: ae-201111-066

A highly compressible input file could overflow the uncompression stack in libXfont. Also, specially crafted compressed files could cause gzip(1) and compress(1) to go into an endless loop or overflow their uncompression stack. Updated packages are available now.

System: Juniper JUNOS
Topic: Vulnerability in Juniper Junos IPv6-over-IPv4 tunnel
Links: Secunia #46903, X-Force #71348
ID: ae-201111-065

An unspecified vulnerability in the Juniper Junos IPv6-over-IPv4 tunnel implementation could allow a remote attacker to bypass certain security policies on encapsulated IPv6 datagrams. An upgrade to the latest version of Juniper Junos (10.2R3 or later) solves this problem.

System: Microsoft Windows
Topic: Vulnerability in Zenprise Device Manager
Links: VU #584363
ID: ae-201111-064

Zenprise Device Manager is a mobile device management (MDM) software package that can be used to manage an enterprise's mobile device fleet. The Zenprise Device Manager web interface is vulnerable to cross-site request forgery (CSRF) attacks. A successful CSRF attack against an admin user will allow a remote attacker to run commands as the admin user on any device managed by Zenprise Device Manager. By tricking a logged-in admin user into visiting a specially crafted URL, a remote attacker may be able to access any managed device as the admin. The attacker can then perform any action an admin can, including remotely wiping the device. Zenprise has released a patch to address this issue.

System: SuSE Linux
Topic: Vulnerabilities in firefox
Links: SUSE-SU-2011:1256, ESB-2011.1163
ID: ae-201111-063

Updated firefox packages that fix multiple security issues are now available for SUSE Linux Enterprise Server 11 SP1 and Desktop as well as for SUSE Linux Enterprise Software Development Kit 11 SP1.

System: Several
Topic: Vulnerability in CA Directory
Links: CA20111116-01, CVE-2011-3849, ESB-2011.1162
ID: ae-201111-062

CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a Denial-of-Service condition due to insufficient bounds checking. A remote attacker can send an SNMP packet that can cause a crash. Remediation is available to address the vulnerability.

System: HP-UX
Topic: Vulnerability in HP System Administration Manager (SAM)
Links: HPSBUX02724, SSRT100650, CVE-2011-4159, ESB-2011.1160
ID: ae-201111-061

A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege. HP has published upgrades to resolve this issue.

System: Several
Topic: Vulnerability in IBM WebSphere MQ 6.0
Links: IC78034, ESB-2011.1159
ID: ae-201111-060

WMQ V6 on OVMS could allow local non-privileged users to execute some MQ control commands on the system. This happens when MQM group default rights are set on the system. By logging in as a low-privileged user, an attacker could exploit this vulnerability to execute arbitrary MQ control commands on the system. The fix for this APAR is going to be incorporated in the next fixpack release WMQ-V6.0.2.11 on OpenVMS Alpha and Ia64.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in freetype and JBoss Enterprise Middleware
Links: RHSA-2011-1455, CVE-2011-3439, ESB-2011.1157,
RHSA-2011-1456, CVE-2010-1330, CVE-2011-4085, ESB-2011.1158
ID: ae-201111-059

FreeType is a free and portable font engine that can open and manage font files. Multiple input validation flaws were found in the way FreeType processes CID-keyed fonts. If a specially-crafted font file is loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Updated packages are available now.
JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. The new release of JBoss Enterprise SOA Platform 5.2.0 serves as a replacement for JBoss Enterprise SOA Platform 5.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.2.0 Release Notes. Besides this, some security vulnerabilities have been fixed in this version.

System: Many
Topic: Vulnerability in BIND
Links: ISC, CVE-2011-4313, ASB-2011.0102, X-Force #71332, VU #606539,
DSA-2347, ESB-2011.1155, MDVSA-2011:176, RHSA-2011-1458, RHSA-2011-1459, ESB-2011.1161, MDVSA-2011:176-1, MDVSA-2011:176-2, SUSE-SU-2011:1268, ESB-2011.1175, RHSA-2011-1496, ESB-2011.1182, HPSBUX02729, SSRT100687, ESB-2011.1192, NetBSD-SA2011-009, ESB-2011.1259, FreeBSD-SA-11:06, ESB-2012.0019, IBM, ESB-2012.0021
ID: ae-201111-058

BIND is a very widely used DNS server. It was discovered that BIND crashes while processing certain sequences of recursive DNS queries, leading to a Denial-of-Service (DoS). Authoritative-only server configurations are not affected by this issue. Updated versions solve this problem.

System: Debian GNU/Linux
Topic: Vulnerabilities in proftpd-dfsg
Links: DSA-2346, CVE-2011-0411, CVE-2011-4130, ESB-2011.1153, ESB-2011.1156
ID: ae-201111-057

ProFTPD is a widely used FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS. Furthermore, it uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. Updated packages are available now.

System: Mandriva Linux
Topic: Multiple vulnerabilities in poppler
Links: MDVSA-2011:175
ID: ae-201111-056

Poppler is a PDF rendering library based on the xpdf-3.0 code base. 17 CVE entries from 2009 are cited by Mandriva regarding vulnerabilities in poppler. An update that corrects these security vulnerabilities is available now.

System: SuSE Linux
Topic: Several vulnerabilities in Adobe Acrobat Reader
Links: SUSE-SU-2011:1239, APSB11-16, ESB-2011.1152
ID: ae-201111-055

As reported before (ae-201109-036), several vulnerabilities have been found in the Adobe Acrobat reader. Now, version 9.4.6 is available for Unix, too.

System: Some
Topic: Vulnerability in Apple iTunes
Links: APPLE-SA-2011-11-14-1, CVE-2008-3434, ESB-2011.1151
ID: ae-201111-054

iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. Due to an error in handling HTTP responses, a man-in-the-middle attacker may offer software that appears to originate from Apple. It's recommended to install iTunes 10.5.1 now.

System: Network Appliance
Topic: Vulnerabilities in HP StorageWorks P4000 Virtual SAN Appliance
Links: HPSBST02722, SSRT100279, CVE-2011-4157, ESB-2011.1148
ID: ae-201111-053

Potential security vulnerabilities have been identified with HP StorageWorks P4000 Virtual SAN Appliance. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. HP has published updates to resolve this issue.

System: Several
Topic: Vulnerability in Integrated Lights-Out iLO2 and iLO3
Links: HPSBHF02721, SSRT100605, CVE-2011-4158, ESB-2011.1147
ID: ae-201111-052

A potential security vulnerability has been identified with HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3. The vulnerability could be remotely exploited to allow unauthorized access to the iLO2 or iLO3. HP has made an update and/or workaround available to resolve this vulnerability.

System: Mandriva Linux
Topic: Multiple vulnerabilities in java-1.6.0-openjdk
Links: MDVSA-2011:170
ID: ae-201111-051

Several security issues were identified and fixed in openjdk (icedtea6) and icedtea-web. Since exploiting these might allow untrusted Java applets to affect confidentiality, integrity, and availability via different vectors related to several topics, an immediate update is recommended.

System: Various
Topic: Vulnerabilities in Adobe Flash Player
Links: APSB11-28, ESB-2011.1149,
RHSA-2011-1445, ESB-2011.1150, SUSE-SU-2011:1244, ESB-2011.1154, SUSE-SA:2011:043, ESB-2011.1164
ID: ae-201111-050

Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. It's strongly recommended to install updated versions that are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec Backup Exec System Recovery, System Recovery, Norton 360 and Norton Ghost
Links: SYM11-014, CVE-2011-3477, ESB-2011.1144
ID: ae-201111-049

Symantec has provided updates for the Gear Software driver GEARAspiWDM.sys in affected versions of supported Symantec products. This update addresses a possible local access Denial-of-Service (DoS) system crash.

System: Many
Topic: Vulnerability in phpMyAdmin
Links: PMASA-2011-17, CVE-2011-4107, ESB-2011.1143
ID: ae-201111-048

Importing a specially-crafted XML file which contains an XML entity injection allows retrieval of a local file (limited by the privileges of the user running the web server). The attacker must be logged in to MySQL via phpMyAdmin. An upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) is recommended, but patches are also available.

System: Microsoft Windows
Topic: Update for Microsoft Windows
Links: Microsoft #2641690, ESB-2011.1142
ID: ae-201111-047

It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. An update renders any HTTPS certificates signed by that CA as untrusted.

System: Many
Topic: Vulnerabilities in HP Network Node Manager i (NNMi)
Links: HPSBMU02708, SSRT100633, CVE-2011-4155, CVE-2011-4156, ESB-2011.1141, X-Force #71228, X-Force #71229
ID: ae-201111-046

Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross-site scripting (XSS). HP has made patches available to resolve these vulnerabilities for NNMi 9.0x. HP has made hotfixes available to resolve these vulnerabilities for NNMi 9.1x.

System: Network Appliance
Topic: Vulnerability in Time Capsule and Airport Base Station
Links: APPLE-SA-2011-11-10-2, CVE-2011-0997, ESB-2011.1140
ID: ae-201111-045

Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available. It addresses an issue in the DHCP client. It allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.

System: Apple iOS
Topic: Vulnerabilities in Apple iOS
Links: APPLE-SA-2011-11-10-1, CVE-2011-3246, CVE-2011-3439, CVE-2011-3440, CVE-2011-3441, CVE-2011-3442, ESB-2011.1139
ID: ae-201111-044

Several vulnerabilities have been found in Apple iOS. Apple iOS 5.0.1 is available now. It addresses security issues as well as other problems, so it should be installed on the mobile device.

System: Mandriva Linux
Topic: Vulnerabilities in apache and mozilla
Links: MDVSA-2011:168, Apache #51878, CVE-2011-3348,
MDVSA-2011:169, mfsa2011-46, mfsa2011-47, mfsa2011-48, mfsa2011-49, mfsa2011-52
ID: ae-201111-043

A vulnerability has been discovered in Apache, a web server. The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a Denial-of-Service (DoS) via a malformed HTTP request. Several security issues were identified and fixed in Mozilla NSS, Firefox and Thunderbird. They might lead to e.g. Denial-of-Service, Cross-Site Scripting (XSS) or remote code execution.
Updated packages are available now.

System: Network Appliance
Topic: Vulnerability in CitectSCADA and Mitsubishi MX4 SCADA Batch Server
Links: Schneider, ICSA-11-279-02, ESB-2011.1138
ID: ae-201111-042

A buffer overflow affecting Mitsubishi MX4 Supervisory Control and Data Acquisition (SCADA) has been reported. Upon further investigation, MX4 SCADA was found to be a version of CitectSCADA, a product offered by Schneider Electric. The Advisory includes a full list of known affected products.
A buffer overflow vulnerability resides in a third-party component used by the CitectSCADA and MX4 SCADA Batch products. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
Updates are available now.

System: Network Appliance
Topic: Vulnerabilities in Dell KACE K2000 Appliance
Links: VU #135606, VU #193529, CVE-2011-4046, ESB-2011.1137
ID: ae-201111-041

The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating systems deployment. Some versions of the product contain a backdoor administrator account with a fixed password, accessible via the administrative web interface of the device. Furthermore, the backdoor account is not visible from, and cannot be removed via, the appliance's administrative web interface. In addition, several components that support the administrative web interface supplied with the system are vulnerable to reflected (i.e., non-persistent) script injection. These Cross-Site Scripting (XSS) attacks can be carried out by sending a user to the script, e.g. by link or e-mail.
A solution is currently not available.

System: Microsoft Windows
Topic: Vulnerabilities in Novell Zenworks
Links: Novell #7009570, ZDI-11-317, ZDI-11-318, ZDI-11-319, CVE-2011-2657, CVE-2011-2658, CVE-2011-3174, ESB-2011.1136
ID: ae-201111-040

Three vulnerabilities have been found in Novell ZENworks 10, Novell ZENworks 11, and Novell ZENworks AdminStudio. All of them might allow remote code execution. The vulnerabilities are located in ActiveX Controls and the Software Packaging, respectively. A corresponding fix is available now.

System: Various
Topic: Vulnerabilities in Drupal third-party modules
Links: DRUPAL-SA-CONTRIB-2011-053, DRUPAL-SA-CONTRIB-2011-054, DRUPAL-SA-CONTRIB-2011-055, ESB-2011.1135
ID: ae-201111-039

Vulnerabilities have been found in the Drupal Third Party Modules Quiz, CKEditor, and Webform CiviCRM Integration. They allow remote attackers to initiate Cross-Site Scripting (XSS), Access bypass and other possibilities. Patches are available now. Please be aware that Drupal Core is not affected.

System: Several
Topic: Vulnerabilities in HP Integrated Lights-Out
Links: HPSBHF02706, SSRT100613, CVE-2008-7270, CVE-2009-3555, CVE-2010-4180, ESB-2011.1133
ID: ae-201111-038

Potential security vulnerabilities have been identified with HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS. The vulnerabilities could be remotely exploited to create a Denial-of-Service (DoS) or unauthorized modification. HP has made Firmware updates available to resolve the vulnerabilities.

System: Debian GNU/Linux
Topic: Vulnerabilities in iceweasel/iceape/icedove, openssl, and python-django-piston
Links: DSA-2341, DSA-2342, DSA-2345, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, ESB-2011.1131, ESB-2011.1145,
DSA-2343, ESB-2011.1132,
DSA-2344, CVE-2011-4103, ESB-2011.1146
ID: ae-201111-037

Vulnerabilities in iceweasel, iceape, and icedove might lead to Cross-Site Scripting (XSS) attacks, increased privileges and remote execution of arbitrary code. For OpenSSL, an update responds to weak certificates that were issued by the Malaysian intermediate CA "Digicert Sdn. Bhd.". It's necessary to revoke the CA's cross-signed certificates. Furthermore, it has been found that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution.
Updated packages are available now.

System: Red Hat Enterprise Linux
Topic: Update for NSS
Links: RHSA-2011-1444, ESB-2011.1134
ID: ae-201111-036

The Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. An update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com.

System: Cisco
Topic: Vulnerability in Cisco TelePresence
Links: cisco-sa-20111109, ESB-2011.1130
ID: ae-201111-035

Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. New updates are available.

System: Many
Topic: Vulnerability in Apache Tomcat
Links: CVE-2011-3376, ESB-2011.1129
ID: ae-201111-034

The Servlets that implement the functionality of the Manager application that ships with Apache Tomcat should only be available to Contexts that are marked as privileged. However, this check was not being made. This allowed an untrusted web application to use the functionality of the Manager application. This could be used to obtain information on running web applications as well as deploying additional web applications. To mitigate the risk, upgrade to version 7.0.22 or later.

System: Red Hat Linux
Topic: Vulnerabilities in firefox, thunderbird, seamonkey, icedtea-web
Links: RHSA-2011-1437, RHSA-2011-1438, RHSA-2011-1439, RHSA-2011-1440, RHSA-2011-1441, CVE-2011-3650, CVE-2011-3648, CVE-2011-3647, ESB-2011.1128
ID: ae-201111-033

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

System: Red Hat Linux
Topic: Vulnerabilities in acroread
Links: RHSA-2011-1434, CVE-2011-2444, CVE-2011-2442, CVE-2011-2440, CVE-2011-2439, CVE-2011-2438, CVE-2011-2437, CVE-2011-2436, CVE-2011-2435, CVE-2011-2434, CVE-2011-2433, CVE-2011-2432, CVE-2011-2431, CVE-2011-2430, CVE-2011-2429, CVE-2011-2428, CVE-2011-2427, CVE-2011-2426, CVE-2011-2425, CVE-2011-2424, CVE-2011-2417, CVE-2011-2416, CVE-2011-2415, CVE-2011-2414, CVE-2011-2140, CVE-2011-2139, CVE-2011-2138, CVE-2011-2137, CVE-2011-2136, CVE-2011-2135, CVE-2011-2134, CVE-2011-2130, ESB-2011.1127
ID: ae-201111-032

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.

System: OSX
Topic: Vulnerabilities in Java
Links: CVE-2011-3561, CVE-2011-3560, CVE-2011-3558, CVE-2011-3557, CVE-2011-3556, CVE-2011-3556, CVE-2011-3554, CVE-2011-3553, CVE-2011-3552, CVE-2011-3551, CVE-2011-3549, CVE-2011-3548, CVE-2011-3547, CVE-2011-3546, CVE-2011-3545, CVE-2011-3544, CVE-2011-3521, CVE-2011-3389, ESB-2011.1126
ID: ae-201111-031

A new Java update for Mac OS X is available. This update eliminates several known vulnerabilities.

System: Microsoft Windows, OSX
Topic: Vulnerabilities in Adobe Shockwave Player
Links: apsb11-27, CVE-2011-2449, CVE-2011-2448, CVE-2011-2447, CVE-2011-2446, ESB-2011.1125
ID: ae-201111-030

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on Windows and Macintosh platforms. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. A new update is available.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows
Links: ms11-086, CVE-2011-2014, ESB-2011.1124
ID: ae-201111-029

The LDAP over SSL implementation in Active Directory, Active Directory Application Mode, and Active Directory Lightweight Directory Service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists, which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account. New updates are available.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows
Links: ms11-085, CVE-2011-2016, ESB-2011.1123
ID: ae-201111-028

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. New updates are available.

System: Microsoft Windows 7, Windows Server 2008 R2
Topic: Vulnerability in Microsoft Windows
Links: ms11-084, CVE-2011-2004, ESB-2011.1122
ID: ae-201111-027

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (DoS) via a crafted TrueType font file. New updates are available.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows
Links: ms11-083, CVE-2011-2013, ESB-2011.1121
ID: ae-201111-026

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port. Updates are available to address this issue.

System: Debian
Topic: Vulnerability in postgresql
Links: dsa-2340, CVE-2011-2483, ESB-2011.1120
ID: ae-201111-025

Crypt_blowfish before 1.1 does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. New packages are available.

System: Many
Topic: Vulnerabilities in nss
Links: dsa-2339, CVE-2011-3640, ESB-2011.1119
ID: ae-201111-024

A new update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority and also fixes an insecure load path for the pkcs11.txt configuration file.

System: Many
Topic: Vulnerabilities in moodle
Links: dsa-2338, ESB-2011.1118
ID: ae-201111-023

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning.

System: Many
Topic: Vulnerabilities in ffmpeg
Links: dsa-2336, CVE-2011-3974, CVE-2011-3973, CVE-2011-3504, CVE-2011-3362, ESB-2011.1117
ID: ae-201111-022

An integer signedness error in the decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file. Multiple errors in the Chinese AVS video (CAVS) decoder can lead to denial of service via an invalid bitstream. A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file. New packages are available.

System: Suse Linux
Topic: Vulnerability in Gimp
Links: CVE-2011-2896, ESB-2011.1116
ID: ae-201111-021

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream. A new update is available.

System: Suse Linux
Topic: Vulnerabilities in Apache
Links: CVE-2011-3368, CVE-2011-3348, CVE-2011-3192, ESB-2011.1115
ID: ae-201111-020

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges. New packages are available for download.

System: Suse Linux
Topic: Vulnerabilities in pam
Links: CVE-2011-3149, CVE-2011-3148, CVE-2010-3316, ESB-2011.1114
ID: ae-201111-019

The pam_env module is vulnerable to a stack overflow and a denial of service (DoS) condition when parsing users' .pam_environment files. Additionally, a missing return value check inside pam_xauth has been fixed. New packages are available for download.

System: Suse Linux
Topic: Vulnerabilities in popt
Links: CVE-2011-3378, ESB-2011.1113
ID: ae-201111-018

Specially crafted RPM packages could have caused memory corruption in rpm, when verifying signatures. New updates are available to address this issue.

System: AIX
Topic: Vulnerabilities in OpenSSL
Links: openssl_advisory2, CVE-2011-0014, CVE-2010-4180, CVE-2010-3864, ESB-2011.1112
ID: ae-201111-017

Multiple vulnerabilities have been identified in OpenSSL. These vulnerabilities may lead to the execution of arbitrary code, denial of service (DoS) attacks, and may allow attackers to access confidential data. New updates are available for download.

System: Several
Topic: Vulnerabilities in TCP/IP Services for OpenVMS
Links: HPSBOV02470 SSRT080123 rev.1, CVE-2011-3169, CVE-2011-3168, ESB-2011.1111
ID: ae-201111-016

Potential security vulnerabilities have been identified with HP OpenVMS TCP/IP Services running SMTP server. The vulnerabilities could result in a remote Denial of Service (DoS). New updates are available.

System: Debian
Topic: Vulnerabilities in xen
Links: dsa-2337, CVE-2011-3262, CVE-2011-1898, CVE-2011-1583, CVE-2011-1166, ESB-2011.1110
ID: ae-201111-015

Several vulnerabilities were discovered in the Xen virtual machine hypervisor. These vulnerabilities may lead to denial of service (DoS) attacks and the execution of arbitrary code. New updates are available.

System: Debian
Topic: Vulnerability in man2html
Links: dsa-2335, CVE-2011-2770, ESB-2011.1109
ID: ae-201111-014

It was discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting (XSS) attacks. A new update is available.

System: Several
Topic: Vulnerabilities in mahara
Links: dsa-2334, CVE-2011-2773, CVE-2011-2772, CVE-2011-2771, ESB-2011.1108
ID: ae-201111-013

Several flaws were found in mahara, which may lead to denial of service (DoS), cross-site scripting (XSS) and cross-site request forgery attacks. New updates are available.

System: Microsoft Windows
Topic: Vulnerability in EMC Documentum eRoom
Links: CVE-2011-2739, ESB-2011.1107
ID: ae-201111-012

EMC Documentum eRoom contains a possible vulnerability which can be potentially exploited to upload arbitrary files to the system. A new update is available for download.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows TrueType font parsing engine
Links: 2639658, CVE-2011-3402, ESB-2011.1106
ID: ae-201111-011

A vulnerability was detected in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

System: Several
Topic: Vulnerability in RSA Key Manager Appliance
Links: ESA-2011-035, CVE-2011-2740, ESB-2011.1105
ID: ae-201111-010

RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, a security vulnerability fix, hot fix roll-ups and bug fixes. The appliance user session is not terminated properly after logout using Firefox 4 and 5.

System: Several
Topic: Vulnerabilities in HP OpenView Network Node Manager (OV NNM)
Links: HPSBMU02704, SSRT100619, CVE-2011-0419, CVE-2011-3192, CVE-2011-3348, ESB-2011.1104
ID: ae-201111-009

Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial-of-Service (DoS). HP has provided Apache-2.2.21 to resolve the vulnerabilities.

System: Various
Topic: Vulnerabilities in Drupal third-party modules
Links: DRUPAL-SA-CONTRIB-2011-051, DRUPAL-SA-CONTRIB-2011-052, ESB-2011.1103
ID: ae-201111-008

Vulnerabilities have been found in the Drupal third-party modules Views and HotBlocks. They allow remote attackers to initiate Cross-Site Request Forgery (CSRF) and the execution of arbitrary code. Additionally, users with an existing account are able to carry out Cross-Site Scripting (XSS) attacks. Patches are available now. Please be aware that Drupal Core is not affected.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in Perl
Links: RHSA-2011-1424, CVE-2011-2939, CVE-2011-3597, ESB-2011.1102
ID: ae-201111-007

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decodes Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. Furthermore, the "new" constructor of the Digest module uses its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
Updated packages are available now.

System: Cisco
Topic: Vulnerability in Cisco Small Business SRP500 Series
Links: Cisco, CVE-2011-4005, ESB-2011.1100
ID: ae-201111-006

Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability.

System: Red Hat Enterprise Linux
Topic: Multiple vulnerabilities in php53 / php
Links: RHSA-2011-1423, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, ESB-2011.1099
ID: ae-201111-005

Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Exploiting them might lead to remote and unauthenticated Denial-of-Service, arbitrary code execution and reduced security. So it's recommended to install this update.

System: Red Hat Enterprise Linux
Topic: Vulnerability in openswan
Links: RHSA-2011-1422, CVE-2011-4073, ESB-2011.1098
ID: ae-201111-004

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). A use-after-free flaw has been found in the way Openswan's pluto IKE daemon uses cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon, resulting in a Denial-of-Service (DoS). This issue only affects SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled.
Updated packages are available for Red Hat Enterprise Linux 5 and 6.

System: Mandriva Linux
Topic: Vulnerabilities in phpLDAPadmin
Links: MDVSA-2011:163, CVE-2011-4075, CVE-2011-4076
ID: ae-201111-003

Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers. Input appended to the URL in cmd.php (when "cmd" is set to "_debug") isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Input passed to the "orderby" parameter in cmd.php isn't properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.
Updated packages are available now.

System: Red Hat Enterprise Linux Server 5
Topic: Vulnerabilities in kernel
Links: RHSA-2011-1418, RHSA-2011-1419, CVE-2011-3188, CVE-2011-3209, ESB-2011.1097
ID: ae-201111-002

Updated kernel packages are available for Red Hat Enterprise Linux Server 5. They fix problems that might lead to remote unauthorized access or a local Denial-of-Service (DoS). Additionally, misleading information might be provided. So it's recommended to install the updated packages.

System: Several
Topic: Vulnerabilities in HP OpenView Network Node Manager (OV NNM)
Links: HPSBMU02712, SSRT100649, CVE-2011-3165, CVE-2011-3166, CVE-2011-3167, ISS X-Force #71074, ISS X-Force #71075, ISS X-Force #71076, ESB-2011.1096
ID: ae-201111-001

Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. HP has made patches available to resolve the vulnerabilities for NNM v7.53.



(c) 2000-2014 AERAsec Network Services and Security GmbH