Commonwealth Security Advisory – Jan 12th, 2012

Commonwealth Security and Risk Management staff has been tracking multiple vulnerabilities that may have significant impact for the Commonwealth Information Security community.

Summary:

1. Adobe Reader/Acrobat Multiple Vulnerabilities
2. Google Chrome Multiple Vulnerabilities
3. HP LaserJet P3015 Unspecified Security Bypass Vulnerability
4. IBM Java Multiple Vulnerabilities
5. IBM Rational License Key Server License Manager Log File Upload Vulnerability
6. IBM WebSphere Application Server Community Edition Tomcat Container Denial of Service
7. Microsoft January Security Bulletin
   a. Vulnerability in Windows Kernel Could Allow Security Feature Bypass MS12-001 (2644615) – Important
   b. Vulnerability in Windows Object Packager Could Allow Remote Code Execution MS12-002 (2603381) – Important
   c. Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege MS12-003 (2646524) – Important
   d. Vulnerabilities in Windows Media Could Allow Remote Code Execution MS12-004 (2636391) – Critical
   e. Vulnerability in Microsoft Windows Could Allow Remote Code Execution MS12-005 (2584146) – Important
   f. Vulnerability in SSL/TLS Could Allow Information Disclosure MS12-006 (2643584) – Important
   g. Vulnerability in AntiXSS Library Could Allow Information Disclosure MS12-007 (2607664) – Important
8. Red Hat Multiple Vulnerabilities
9. SUSE Multiple Vulnerabilities
10. Wireshark Multiple Vulnerabilities

Vulnerability: Adobe Reader/Acrobat Multiple Vulnerabilities

Affected Software:

• Adobe Acrobat 9.x
• Adobe Acrobat 10.x
• Adobe Reader 9.x
• Adobe Reader 10.x

Explanation: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.adobe.com/support/security/bulletins/apsb12-01.htm

https://secunia.com/advisories/45852


Vulnerability: Google Chrome Multiple Vulnerabilities

Affected Software:

• Google Chrome 16.x

Explanation: Multiple vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

https://secunia.com/advisories/47449


Vulnerability: HP LaserJet P3015 Unspecified Security Bypass Vulnerability

Affected Software:

• HP LaserJet P3015 Series

Explanation: A single vulnerability has been reported in HP LaserJet P3015, which can be exploited by malicious people to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700

https://secunia.com/advisories/47457


Vulnerability: IBM Java Multiple Vulnerabilities

Affected Software:

• IBM Java 1.4.x
• IBM Java 6.x

Explanation: IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious people to disclose certain information, to disclose potentially sensitive information, to hijack a user’s session, to conduct DNS cache poisoning attacks, to manipulate certain data, to cause a Denial of Service condition, and to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.ibm.com/developerworks/java/jdk/alerts/

https://secunia.com/advisories/47464


Vulnerability: IBM Rational License Key Server License Manager Log File Upload Vulnerability

Affected Software:

• IBM Rational License Key Server 8.x

Explanation: IBM has acknowledged a vulnerability in IBM Rational License Key Server, which can be exploited by malicious people to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.ibm.com/support/docview.wss?uid=swg21577760

https://secunia.com/advisories/47522


Vulnerability: IBM WebSphere Application Server Community Edition Tomcat Container Denial of Service

Affected Software:

• IBM WebSphere Application Server Community Edition 1.x
• IBM WebSphere Application Server Community Edition 2.x
• IBM WebSphere Application Server Community Edition 3.x

Explanation: A single vulnerability has been reported in IBM WebSphere Application Server Community Edition, which can be exploited by malicious people to cause a Denial of Service condition.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.ibm.com/support/docview.wss?uid=swg21577274

http://www.ibm.com/support/docview.wss?uid=swg21575700

https://secunia.com/advisories/47473


Vulnerability: Vulnerability in Windows Kernel Could Allow Security Feature Bypass MS12-001 (2644615) – Important

Affected Software:

• Microsoft Windows 7
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2008
• Microsoft Windows Storage Server 2003
• Microsoft Windows Vista
• Microsoft Windows XP Professional

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security features.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-001

https://secunia.com/advisories/47356


Vulnerability: Vulnerability in Windows Object Packager Could Allow Remote Code Execution MS12-002 (2603381) – Important

Affected Software:

• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Storage Server 2003
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-002

https://secunia.com/advisories/45189


Vulnerability: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege MS12-003 (2646524) – Important

Affected Software:

• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2008
• Microsoft Windows Storage Server 2003
• Microsoft Windows Vista
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-003

https://secunia.com/advisories/47479


Vulnerability: Vulnerabilities in Windows Media Could Allow Remote Code Execution MS12-004 (2636391) – Critical

Affected Software:

• Microsoft Windows 7
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2008
• Microsoft Windows Storage Server 2003
• Microsoft Windows Vista
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional
• Windows Media Center TV Pack for Windows Vista

Explanation: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-004

https://secunia.com/advisories/47485


Vulnerability: Vulnerability in Microsoft Windows Could Allow Remote Code Execution MS12-005 (2584146) – Important

Affected Software:

• Microsoft Windows 7
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2008
• Microsoft Windows Storage Server 2003
• Microsoft Windows Vista
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user’s session.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-005

https://secunia.com/advisories/47480


Vulnerability: Vulnerability in SSL/TLS Could Allow Information Disclosure MS12-006 (2643584) – Important

Affected Software:

• Microsoft Windows 7
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2008
• Microsoft Windows Storage Server 2003
• Microsoft Windows Vista
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional

Explanation: A single vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user’s session.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-006

https://secunia.com/advisories/46168


Vulnerability: Vulnerability in AntiXSS Library Could Allow Information Disclosure MS12-007 (2607664) – Important

Affected Software:

• Microsoft AntiXSS Library 4.x

Explanation: A single vulnerability has been reported in Microsoft AntiXSS Library, which can be exploited by malicious people to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://technet.microsoft.com/en-us/security/bulletin/ms12-007

https://secunia.com/advisories/47483


Vulnerability: Red Hat Multiple Vulnerabilities

Affected Software:

• Red Hat Enterprise Linux Extras v.4
• Red Hat Enterprise Linux Desktop 5
• Red Hat Enterprise Linux Desktop Supplementary (v.5 client)
• Red Hat Enterprise Linux Server 5
• Red Hat Enterprise Linux Supplementary (v.5 server)
• Red Hat Enterprise Linux Desktop Supplementary (v.6)
• Red Hat Enterprise Linux Server Supplementary (v.6)
• Red Hat Enterprise Linux Workstation Supplementary (v.6)
• Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
• Libvirt 0.x

Explanation: Multiple vulnerabilities have been reported in the Red Hat software, which can be exploited by malicious people to disclose potentially sensitive information, to hijack a user’s session, to conduct DNS cache poisoning attacks, to manipulate certain data, to bypass certain security restrictions, to cause a Denial of Service condition, to gain escalated privileges and to compromise a vulnerable system.

A weakness has been reported in libvirt, which can be exploited by malicious people to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

https://rhn.redhat.com/errata/RHSA-2012-0006.html

https://bugzilla.redhat.com/show_bug.cgi?id=760442

https://rhn.redhat.com/errata/RHSA-2012-0011.html

https://rhn.redhat.com/errata/RHSA-2012-0007.html

https://rhn.redhat.com/errata/RHSA-2012-0010.html

https://secunia.com/advisories/47476

https://secunia.com/advisories/47463

https://secunia.com/advisories/47510

https://secunia.com/advisories/47512

https://secunia.com/advisories/47511


Vulnerability: SUSE Multiple Vulnerabilities

Affected Software:

• openSUSE 11.3
• openSUSE 11.4
• SUSE Linux Enterprise Server (SLES) 9
• SUSE Linux Enterprise Server (SLES) 10
• SUSE Linux Enterprise Server (SLES) 11

Explanation: Multiple vulnerabilities have been reported in the SUSE software, which can be exploited by malicious people to disclose potentially sensitive information, to cause a Denial of Service condition, to bypass certain security restrictions, to conduct spoofing attacks, and to potentially compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

https://hermes.opensuse.org/messages/13154473

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00007.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00013.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00023.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00025.html

https://secunia.com/advisories/47423

https://secunia.com/advisories/47442

https://secunia.com/advisories/47441

https://secunia.com/advisories/47416

https://secunia.com/advisories/47409

https://secunia.com/advisories/47481


Vulnerability: Wireshark Multiple Vulnerabilities

Affected Software:

• Wireshark 1.x

Explanation: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html

http://www.wireshark.org/docs/relnotes/wireshark-1.4.11.html

http://www.wireshark.org/security/wnpa-sec-2012-01.html

http://www.wireshark.org/security/wnpa-sec-2012-02.html

http://www.wireshark.org/security/wnpa-sec-2012-03.html

https://secunia.com/advisories/47494