Vulnerability Summary for the Week of October 4, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dustincowell -- free_simple_cms | Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter. | 2010-10-05 | 7.5 | CVE-2010-3307 MLIST MLIST MISC SECUNIA |
google -- chrome | WebKit, as used in Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to have an unknown impact via a malformed SVG document. | 2010-10-04 | 9.3 | CVE-2010-1822 CONFIRM CONFIRM CONFIRM |
google -- chrome | The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. | 2010-10-05 | 9.3 | CVE-2010-3729 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. | 2010-10-05 | 9.3 | CVE-2010-3730 CONFIRM CONFIRM |
ibm -- db2 | Buffer overflow in the Administration Server component in IBM DB2 UDB 9.5 before FP6a allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-10-05 | 10.0 | CVE-2010-3731 VUPEN SECUNIA CONFIRM |
ibm -- db2 | The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | 2010-10-05 | 7.2 | CVE-2010-3733 AIXAPAR CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- apr-util | The apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2010-10-04 | 5.0 | CVE-2010-1623 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM VUPEN BID MANDRIVA CONFIRM CONFIRM SECUNIA |
apache -- subversion | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | 2010-10-04 | 6.0 | CVE-2010-3315 CONFIRM CONFIRM SECUNIA |
ibm -- db2 | The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | 2010-10-05 | 5.0 | CVE-2010-3734 AIXAPAR CONFIRM |
ibm -- db2 | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | 2010-10-05 | 4.0 | CVE-2010-3736 AIXAPAR CONFIRM |
ibm -- db2 | The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | 2010-10-05 | 5.0 | CVE-2010-3738 AIXAPAR CONFIRM |
ibm -- db2_universal_database | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 2010-10-05 | 6.4 | CVE-2010-3739 AIXAPAR CONFIRM |
ibm -- db2 | The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | 2010-10-05 | 4.0 | CVE-2010-3740 AIXAPAR CONFIRM |
linux -- kernel | Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. | 2010-10-04 | 6.6 | CVE-2010-3437 CONFIRM CONFIRM BID MLIST MLIST CONFIRM EXPLOIT-DB MISC |
linux -- kernel | Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. | 2010-10-04 | 4.7 | CVE-2010-3442 CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST MLIST |
linux -- kernel | Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. | 2010-10-05 | 6.9 | CVE-2010-2653 CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM CONFIRM MLIST |
nokia -- qt_creator | Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-04 | 6.9 | CVE-2010-3374 CONFIRM CONFIRM VUPEN VUPEN BID MANDRIVA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm -- db2 | The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | 2010-10-05 | 3.5 | CVE-2010-3732 AIXAPAR CONFIRM |
ibm -- db2 | The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | 2010-10-05 | 2.1 | CVE-2010-3735 AIXAPAR CONFIRM |
ibm -- db2 | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | 2010-10-05 | 3.5 | CVE-2010-3737 AIXAPAR CONFIRM |
joomla -- joomla! | Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | 2010-10-05 | 3.5 | CVE-2010-2535 MLIST MLIST MISC CONFIRM |
rim -- blackberry_desktop_software | The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. | 2010-10-05 | 2.1 | CVE-2010-3741 MISC MISC MISC MISC |