Commonwealth Security and Risk Management staff have been tracking multiple vulnerabilities that may have a significant impact on the Commonwealth Information Security Community.
Summary:
1. Adobe ColdFusion Two Cross-Site Scripting Vulnerabilities
2. Apache Struts Conversion Error OGNL Expression Injection Vulnerability
3. APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability
4. Blue Coat ProxyAV libpng Buffer Overflow Vulnerability
5. Cacti Multiple Vulnerabilities
6. Google Chrome Multiple Vulnerabilities
7. HP Device Access Manager for HP ProtectTools ActiveX Control Buffer Overflow Vulnerability
8. HP-UX update for BIND
9. IBM AIX Inventory Scout Data Manipulation and File Deletion Vulnerabilities
10. IBM Tivoli Federated Identity Manager SAML Signature Validation Security Bypass
11. ISC DHCP Regular Expressions Denial of Service Vulnerability
12. Kerberos KDC “process_tgs_req()” NULL Pointer Dereference Denial of Service Vulnerability
13. Microsoft December Security Bulletins Address Multiple Vulnerabilities
a. Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege MS11-088 (2652016) – Important
b. Vulnerability in Microsoft Office Could Allow Remote Code Execution MS11-089 (2590602) – Important
c. Cumulative Security Update of ActiveX Kill Bits MS11-090 (2618451) – Critical
d. Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution MS11-091 (2607702) – Important
e. Vulnerability in Windows Media Could Allow Remote Code Execution MS11-092 (2648048) – Critical
f. Vulnerability in OLE Could Allow Remote Code Execution MS11-093 (2624667) – Important
g. Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution MS11-094 (2639142) – Important
h. Vulnerability in Active Directory Could Allow Remote Code Execution MS11-095 (2640045) – Important
i. Vulnerability in Microsoft Excel Could Allow Remote Code Execution MS11-096 (2640241) – Important
j. Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege MS11-097 (2620712) – Important
k. Vulnerability in Windows Kernel Could Allow Elevation of Privilege MS11-098 (2633171) – Important
l. Cumulative Security Update for Internet Explorer MS11-099 (2618444) – Important
14. Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
15. Red Hat Multiple Vulnerabilities
16. RSA Adaptive Authentication On-Premise Two Security Bypass Vulnerabilities
17. SUSE Multiple Vulnerabilities
18. Trend Micro Control Manager “CGenericScheduler::AddTask()” Buffer Overflow Vulnerability
19. ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability
Vulnerability: Adobe ColdFusion Two Cross-Site Scripting Vulnerabilities
Affected Software:
- Adobe ColdFusion 8.x
- Adobe ColdFusion 9.x
Explanation: Two vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://www.adobe.com/support/security/bulletins/apsb11-29.html
https://secunia.com/advisories/47251
Vulnerability: Apache Struts Conversion Error OGNL Expression Injection Vulnerability
Affected Software:
- Apache Struts 2.x
Explanation: A single vulnerability has been reported in Apache Struts, which can be exploited by malicious people to compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://struts.apache.org/2.x/docs/s2-007.html
https://issues.apache.org/jira/browse/WW-3668
https://secunia.com/advisories/47176
Vulnerability: APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability
Affected Software:
- APC PowerChute Business Edition 8.x
Explanation: A single vulnerability has been reported in APC PowerChute Business Edition, which can be exploited by malicious people to conduct cross-site scripting attacks.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
https://jvn.jp/en/jp/JVN61695284/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
https://secunia.com/advisories/47113
Vulnerability: Blue Coat ProxyAV libpng Buffer Overflow Vulnerability
Affected Software:
- Blue Coat ProxyAV 3.x
Explanation: Blue Coat has acknowledged a single vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to compromise a vulnerable device.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
https://kb.bluecoat.com/index?page=content&id=SA65
https://secunia.com/advisories/47104
Vulnerability: Cacti Multiple Vulnerabilities
Affected Software:
- Cacti 0.x
Explanation: Multiple vulnerabilities have been reported in Cacti, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://forums.cacti.net/viewtopic.php?f=4&t=45871
http://forums.cacti.net/viewtopic.php?f=21&t=44116
http://bugs.cacti.net/view.php?id=2062
https://secunia.com/advisories/47195
Vulnerability: Google Chrome Multiple Vulnerabilities
Affected Software:
- Google Chrome 15.x
Explanation: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, and compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
https://secunia.com/advisories/47231
Vulnerability: HP Device Access Manager for HP ProtectTools ActiveX Control Buffer Overflow Vulnerability
Affected Software:
- HP Device Access Manager for HP ProtectTools 6.x
- HP ProtectTools Device Access Manager ActiveX Control 6.x
Explanation: A single vulnerability has been reported in HP Device Access Manager for HP ProtectTools, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082368
https://secunia.com/advisories/47066
Vulnerability: HP-UX update for BIND
Affected Software:
- HP-UX 11.x
Explanation: HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a Denial of Service (DoS) condition.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03105548
https://secunia.com/advisories/47075
Vulnerability: IBM AIX Inventory Scout Data Manipulation and File Deletion Vulnerabilities
Affected Software:
- AIX 5.x
- AIX 6.x
- AIX 7.x
Explanation: Two vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to manipulate certain data and perform certain actions with escalated privileges.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
http://xforce.iss.net/xforce/xfdb/71615
https://secunia.com/advisories/47222
Vulnerability: IBM Tivoli Federated Identity Manager SAML Signature Validation Security Bypass
Affected Software:
- IBM Tivoli Federated Identity Manager 6.x
- IBM Tivoli Federated Identity Manager Business Gateway 6.x
Explanation: A single vulnerability has been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, which can be exploited by malicious people to bypass certain security restrictions.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://www.ibm.com/support/docview.wss?uid=swg21575309
http://www.ibm.com/support/docview.wss?uid=swg24031351
http://www.ibm.com/support/docview.wss?uid=swg24031348
http://www.ibm.com/support/docview.wss?uid=swg24029500
http://xforce.iss.net/xforce/xfdb/71686
https://secunia.com/advisories/47218
Vulnerability: ISC DHCP Regular Expressions Denial of Service Vulnerability
Affected Software:
- ISC DHCP 4.1.x
- ISC DHCP 4.2.x
Explanation: A single vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a Denial of Service (DoS) condition.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
https://www.isc.org/software/dhcp/advisories/cve-2011-4539
https://secunia.com/advisories/47153
Vulnerability: Kerberos KDC “process_tgs_req()” NULL Pointer Dereference Denial of Service Vulnerability
Affected Software:
- Kerberos 5.x
Explanation: A single vulnerability has been reported in Kerberos, which can be exploited by malicious people to cause a Denial of Service condition.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt
https://secunia.com/advisories/47124
Vulnerability: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege MS11-088 (2652016) – Important
Affected Software:
- Microsoft Office 2010
- Microsoft Office Pinyin SimpleFast/New Experience Style 2010
- Microsoft Pinyin IME 2010
Explanation: A single vulnerability has been reported in Microsoft Office, which can be exploited by malicious, local users to gain escalated privileges.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-088
https://secunia.com/advisories/47062
Vulnerability: Vulnerability in Microsoft Office Could Allow Remote Code Execution MS11-089 (2590602) – Important
Affected Software:
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft Office for Mac 2011
Explanation: A single vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-089
https://secunia.com/advisories/47098
Vulnerability: Cumulative Security Update of ActiveX Kill Bits MS11-090 (2618451) – Critical
Affected Software:
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Storage Server 2003
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-090
https://secunia.com/advisories/47099
Vulnerability: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution MS11-091 (2607702) – Important
Affected Software:
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Office 2007
- Microsoft Office Publisher 2003
- Microsoft Office Publisher 2007
Explanation: Multiple vulnerabilities have been reported in Microsoft Office Publisher, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-091
https://secunia.com/advisories/46438/
Vulnerability: Vulnerability in Windows Media Could Allow Remote Code Execution MS11-092 (2648048) – Critical
Affected Software:
- Microsoft Windows 7
- Microsoft Windows Vista
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-092
https://secunia.com/advisories/47117
Vulnerability: Vulnerability in OLE Could Allow Remote Code Execution MS11-093 (2624667) – Important
Affected Software:
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Storage Server 2003
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-093
https://secunia.com/advisories/47207
Vulnerability: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution MS11-094 (2639142) – Important
Affected Software:
- Microsoft Office 2007
- Microsoft Office 2008 for Mac
- Microsoft Office 2010
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
- Microsoft Office PowerPoint Viewer 2007
- Microsoft PowerPoint 2007
- Microsoft PowerPoint 2010
Explanation: Multiple vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-094
https://secunia.com/advisories/47213
https://secunia.com/advisories/47208
Vulnerability: Vulnerability in Active Directory Could Allow Remote Code Execution MS11-095 (2640045) – Important
Affected Software:
- Microsoft Windows 7
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2008
- Microsoft Windows Storage Server 2003
- Microsoft Windows Vista
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-095
https://secunia.com/advisories/47202
Vulnerability: Vulnerability in Microsoft Excel Could Allow Remote Code Execution MS11-096 (2640241) – Important
Affected Software:
- Microsoft Excel 2003
- Microsoft Office 2003 Professional Edition
- Microsoft Office 2003 Small Business Edition
- Microsoft Office 2003 Standard Edition
- Microsoft Office 2003 Student and Teacher Edition
- Microsoft Office 2004 for Mac
Explanation: A single vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-096
https://secunia.com/advisories/47203
Vulnerability: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege MS11-097 (2620712) – Important
Affected Software:
- Microsoft Windows 7
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2008
- Microsoft Windows Storage Server 2003
- Microsoft Windows Vista
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-097
https://secunia.com/advisories/47210
Vulnerability: Vulnerability in Windows Kernel Could Allow Elevation of Privilege MS11-098 (2633171) – Important
Affected Software:
- Microsoft Windows 7
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2008
- Microsoft Windows Storage Server 2003
- Microsoft Windows Vista
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-098
https://secunia.com/advisories/47204
Vulnerability: Cumulative Security Update for Internet Explorer MS11-099 (2618444) – Important
Affected Software:
- Microsoft Internet Explorer 6.x
- Microsoft Internet Explorer 7.x
- Microsoft Internet Explorer 8.x
- Microsoft Internet Explorer 9.x
Explanation: Three vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://technet.microsoft.com/en-us/security/bulletin/ms11-099
https://secunia.com/advisories/47212
Vulnerability: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
Affected Software:
- Oracle Solaris 11 Express
- Sun Solaris 10.x
Explanation: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user’s system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer3
https://secunia.com/advisories/47180
Vulnerability: Red Hat Multiple Vulnerabilities
Affected Software:
- Red Hat Desktop 4.x
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 4
- Red Hat Enterprise Linux Desktop 5
- Red Hat Enterprise Linux Desktop Workstation 5
- Red Hat Enterprise Linux Server 5
- Red Hat Enterprise Linux Desktop 6
- Red Hat Enterprise Linux HPC Node 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Network Satellite Server 5.x
- JBoss Enterprise Application Platform 5.x
- Red Hat JBoss Enterprise Application Platform 5.x
- JBoss Enterprise Web Application Platform 5.x
Explanation: Multiple vulnerabilities have been reported in the Red Hat software, which can be exploited by malicious people to conduct cross-site request forgery attacks, to conduct script insertion attacks, to disclose potentially sensitive information, to bypass certain security restrictions, to cause a Denial of Service condition, to gain escalated privileges, to manipulate certain data, to conduct HTTP response splitting attacks and to compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
https://rhn.redhat.com/errata/RHSA-2011-1780.html
https://rhn.redhat.com/errata/RHSA-2011-1635.html
https://rhn.redhat.com/errata/RHSA-2011-1691.html
https://rhn.redhat.com/errata/RHSA-2011-1749.html
https://rhn.redhat.com/errata/RHSA-2011-1790.html
https://rhn.redhat.com/errata/RHSA-2011-1615.html
https://rhn.redhat.com/errata/RHSA-2011-1526.html
https://rhn.redhat.com/errata/RHSA-2011-1534.html
https://rhn.redhat.com/errata/RHSA-2011-1791.html
https://rhn.redhat.com/errata/RHSA-2011-1741.html
https://rhn.redhat.com/errata/RHSA-2011-1531.html
https://rhn.redhat.com/errata/RHSA-2011-1533.html
https://rhn.redhat.com/errata/RHSA-2011-1508.html
https://rhn.redhat.com/errata/RHSA-2011-1507.html
https://rhn.redhat.com/errata/RHSA-2011-1532.html
https://rhn.redhat.com/errata/RHSA-2011-1530.html
https://rhn.redhat.com/errata/RHSA-2011-1794.html
https://bugzilla.redhat.com/show_bug.cgi?id=742050
https://rhn.redhat.com/errata/RHSA-2011-1798.html
https://rhn.redhat.com/errata/RHSA-2011-1799.html
https://rhn.redhat.com/errata/RHSA-2011-1800.html
https://rhn.redhat.com/errata/RHSA-2011-1805.html
https://rhn.redhat.com/errata/RHSA-2011-1802.html
https://rhn.redhat.com/errata/RHSA-2011-1803.html
https://rhn.redhat.com/errata/RHSA-2011-1804.html
https://rhn.redhat.com/errata/RHSA-2011-1806.html
https://rhn.redhat.com/errata/RHSA-2011-1807.html
http://rhn.redhat.com/errata/RHSA-2011-1797.html
https://rhn.redhat.com/errata/RHSA-2011-1811.html
https://rhn.redhat.com/errata/RHSA-2011-1814.html
https://rhn.redhat.com/errata/RHSA-2011-1815.html
https://secunia.com/advisories/47125
https://secunia.com/advisories/47150
https://secunia.com/advisories/47149
https://secunia.com/advisories/47147
https://secunia.com/advisories/47142
https://secunia.com/advisories/47151
https://secunia.com/advisories/47158
https://secunia.com/advisories/47154
https://secunia.com/advisories/47141
https://secunia.com/advisories/47144
https://secunia.com/advisories/47152
https://secunia.com/advisories/47042
https://secunia.com/advisories/47049
https://secunia.com/advisories/47156
https://secunia.com/advisories/47159
https://secunia.com/advisories/47162
https://secunia.com/advisories/47169
https://secunia.com/advisories/47111
https://secunia.com/advisories/47193
https://secunia.com/advisories/47179
https://secunia.com/advisories/47214
https://secunia.com/advisories/47228
https://secunia.com/advisories/47227
Vulnerability: RSA Adaptive Authentication On-Premise Two Security Bypass Vulnerabilities
Affected Software:
- RSA Adaptive Authentication 6.x
Explanation: Two vulnerabilities have been reported in RSA Adaptive Authentication, which can be exploited by malicious people to bypass certain security restrictions.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://archives.neohapsis.com/archives/bugtraq/2011-12/att-0073/ESA-2011-036.txt
https://secunia.com/advisories/47255
Vulnerability: SUSE Multiple Vulnerabilities
Affected Software:
- openSUSE 11.3
- openSUSE 11.4
- SUSE Studio Onsite 1.x
- SUSE Studio Standard Edition 1.x
- WebYast 1.x
- SUSE Linux Enterprise Server (SLES) 10
- SUSE Linux Enterprise Server (SLES) 11
Explanation: Multiple vulnerabilities have been reported in the SUSE software, which can be exploited by malicious people to conduct cross-site scripting attacks, to disclose system information, to disclose potentially sensitive information, to bypass certain security restrictions, to gain escalated privileges, to manipulate certain data, to conduct HTTP response splitting attacks, to conduct cross-site request forgery attacks, to conduct SQL injection attacks, to cause a Denial of Service condition and to potentially compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
https://hermes.opensuse.org/messages/12768388
https://hermes.opensuse.org/messages/12720031
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00001.html
https://hermes.opensuse.org/messages/12732079
https://hermes.opensuse.org/messages/12730951
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00007.html
http://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html
https://hermes.opensuse.org/messages/12869344
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00011.html
https://secunia.com/advisories/47107
https://secunia.com/advisories/47097
https://secunia.com/advisories/47050
https://secunia.com/advisories/47079
https://secunia.com/advisories/47083
https://secunia.com/advisories/47081
https://secunia.com/advisories/47171
https://secunia.com/advisories/47138
https://secunia.com/advisories/47166
https://secunia.com/advisories/47188
https://secunia.com/advisories/47187
https://secunia.com/advisories/47178
https://secunia.com/advisories/47241
Vulnerability: Trend Micro Control Manager “CGenericScheduler::AddTask()” Buffer Overflow Vulnerability
Affected Software:
- Trend Micro Control Manager (TMCM) 5.x
Explanation: A single vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt
https://secunia.com/advisories/47114
Vulnerability: ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability
Affected Software:
- Novell ZENWorks Asset Management 7.x
Explanation: A single vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.
Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.