Commonwealth Security Advisory – Jan 26th, 2012

Commonwealth Security and Risk Management staff have been tracking multiple vulnerabilities that may have a significant impact on the Commonwealth Information Security community.

Summary:

1. Apache Struts “ParameterInterceptor” Security Bypass Vulnerability
2. Asterisk SRTP Video Stream Negotiation Denial of Service Vulnerability
3. Cisco Digital Media Manager Administrative Resources Access Security Bypass Vulnerability
4. Cisco TelePresence System Default Root Account Security Issue
5. cURL SSL/TLS IV Selection Weakness and URL Sanitization Vulnerability
6. HP-UX Multiple Vulnerabilities
7. IBM DB2 Accessories Suite Outside In Technology Multiple Vulnerabilities
8. IBM Lotus Symphony Image Processing Integer Overflow Vulnerability
9. OpenSSL DTLS Denial of Service Vulnerability
10. Opera Filename Disclosure Weakness and Security Bypass Vulnerability
11. Oracle Solaris Multiple Vulnerabilities
12. Smokeping “displaymode” Cross-Site Scripting Vulnerability
13. Symantec pcAnywhere / IT Management Suite Code Execution and Insecure Permission
14. Red Hat Multiple Vulnerabilities
15. SUSE Multiple Vulnerabilities
16. Trend Micro DataArmor / DriveArmor Privilege Escalation Vulnerability

Vulnerability:  Apache Struts “ParameterInterceptor” Security Bypass Vulnerability

Affected Software:

  • Apache Struts 2.x

Explanation: A single vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://struts.apache.org/2.x/docs/s2-009.html

https://secunia.com/advisories/47711

Vulnerability:  Asterisk SRTP Video Stream Negotiation Denial of Service Vulnerability

Affected Software:

  • Asterisk 1.x
  • Asterisk 10.x

Explanation: A single vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a Denial of Service condition.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://downloads.asterisk.org/pub/security/AST-2012-001.html

https://secunia.com/advisories/47630

Vulnerability:  Cisco Digital Media Manager Administrative Resources Access Security Bypass Vulnerability

Affected Software:

  • Cisco Digital Media Manager 5.x

Explanation: A single vulnerability has been reported in Cisco Digital Media Manager, which can be exploited by malicious users to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-dmm

https://secunia.com/advisories/47651

Vulnerability:  Cisco TelePresence System Default Root Account Security Issue

Affected Software:

  • Cisco TelePresence Systems (CTS)

Explanation: A security issue has been reported in Cisco TelePresence System, which can be exploited by malicious people to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120118-te

https://secunia.com/advisories/47591

Vulnerability: cURL SSL/TLS IV Selection Weakness and URL Sanitization Vulnerability

Affected Software:

  • cURL 7.x

Explanation: Multiple vulnerabilities have been reported in cURL, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user’s session, and manipulate certain data.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://curl.haxx.se/docs/adv_20120124B.html

http://curl.haxx.se/docs/adv_20120124.html

https://secunia.com/advisories/47690

Vulnerability:  HP-UX Multiple Vulnerabilities

Affected Software:

  • HP-UX 11.x

Explanation: Multiple vulnerabilities have been reported in HP-UX, which can be exploited by malicious people to disclose certain information, to disclose potentially sensitive information, to hijack a user’s session, to conduct DNS cache poisoning attacks, to manipulate certain data, to cause a Denial of Service condition and to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03122753

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03141193

https://secunia.com/advisories/47709

https://secunia.com/advisories/47673

Vulnerability:  IBM DB2 Accessories Suite Outside In Technology Multiple Vulnerabilities

Affected Software:

  • IBM DB2 Accessories Suite 9.x

Explanation: IBM has acknowledged multiple vulnerabilities in IBM DB2 Accessories Suite, which can be exploited by malicious people to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.ibm.com/support/docview.wss?uid=swg21578978

https://secunia.com/advisories/47683

Vulnerability:  IBM Lotus Symphony Image Processing Integer Overflow Vulnerability

Affected Software:

  • IBM Lotus Symphony 3.x

Explanation: A single vulnerability has been reported in IBM Lotus Symphony, which can be exploited by malicious people to compromise a user’s system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.ibm.com/support/docview.wss?uid=swg21578684

https://secunia.com/advisories/47245

Vulnerability: OpenSSL DTLS Denial of Service Vulnerability

Affected Software:

  • OpenSSL 0.x
  • OpenSSL 1.x

Explanation: A single vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a Denial of Service condition.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.openssl.org/news/secadv_20120118.txt

https://secunia.com/advisories/47631

Vulnerability:  Opera Filename Disclosure Weakness and Security Bypass Vulnerability

Affected Software:

  • Opera 11.x

Explanation: Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information and to bypass certain security restrictions.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.opera.com/docs/changelogs/windows/1161/

http://www.opera.com/support/kb/view/1007/

http://www.opera.com/support/kb/view/1008/

https://secunia.com/advisories/47686

Vulnerability:  Oracle Solaris Multiple Vulnerabilities

Affected Software:

  • Oracle Solaris 11 Express
  • Sun Solaris 10.x

Explanation: Multiple vulnerabilities have been reported in Oracle Solaris, which can be exploited by malicious people to cause a Denial of Service condition and to potentially compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libexif

http://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow

https://secunia.com/advisories/47623/

https://secunia.com/advisories/47629

Vulnerability:  Smokeping “displaymode” Cross-Site Scripting Vulnerability

Affected Software:

  • Smokeping 2.x

Explanation: A single vulnerability has been reported in Smokeping, which can be exploited by malicious people to conduct cross-site scripting attacks.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://oss.oetiker.ch/smokeping/pub/CHANGES

https://secunia.com/advisories/47678

Vulnerability:  Symantec pcAnywhere / IT Management Suite Code Execution and Insecure Permission

Affected Software:

  • Symantec Altiris IT Management Suite 7.x
  • Symantec pcAnywhere 12.x

Explanation: Multiple vulnerabilities have been reported in Symantec pcAnywhere and IT Management Suite, which can be exploited by malicious people to perform certain actions with escalated privileges and to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

https://secunia.com/advisories/47744

Vulnerability: Red Hat Multiple Vulnerabilities

Affected Software:

  • Red Hat Enterprise Linux Extras v.4
  • Red Hat Enterprise Linux Workstation 5
  • Red Hat Enterprise Linux Server 5
  • Red Hat Enterprise Linux Supplementary (v.5 client)
  • Red Hat Enterprise Linux Supplementary (v.5 server)
  • Red Hat Enterprise Linux Desktop 6
  • Red Hat Enterprise Linux Desktop Supplementary (v.6)
  • Red Hat Enterprise Linux HPC Node 6
  • Red Hat Enterprise Linux HPC Node Supplementary (v.6)
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux Server Supplementary (v.6)
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Workstation Supplementary (v.6)
  • Red Hat Enterprise MGR v2 for Red Hat Enterprise Linux (version 6)
  • Red Hat JBoss Enterprise Application Platform 4.3.x

Explanation: Multiple vulnerabilities have been reported in the Red Hat software, which can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to hijack a user’s session, to conduct DNS cache poisoning attacks, to manipulate certain data, to cause a Denial of Service condition, to gain escalated privileges and to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

https://rhn.redhat.com/errata/RHSA-2012-0062.html

https://rhn.redhat.com/errata/RHSA-2012-0059.html

https://rhn.redhat.com/errata/RHSA-2012-0060.html

http://rhn.redhat.com/errata/RHSA-2012-0058.html

https://rhn.redhat.com/errata/RHSA-2012-0050.html

http://rhn.redhat.com/errata/RHSA-2012-0052.html

http://rhn.redhat.com/errata/RHSA-2012-0061.html

https://rhn.redhat.com/errata/RHSA-2012-0041.html

https://rhn.redhat.com/errata/RHSA-2012-0034.html

https://rhn.redhat.com/errata/RHSA-2012-0033.html

https://secunia.com/advisories/47747

https://secunia.com/advisories/47748

https://secunia.com/advisories/47752

https://secunia.com/advisories/47749

https://secunia.com/advisories/47706

https://secunia.com/advisories/47708

https://secunia.com/advisories/47675

https://secunia.com/advisories/47633

https://secunia.com/advisories/47634

Vulnerability: SUSE Multiple Vulnerabilities

Affected Software:

  • openSUSE 11.3
  • openSUSE 11.4
  • SUSE Linux Enterprise Server (SLES) 10
  • SUSE Linux Enterprise Server (SLES) 11

Explanation: Multiple vulnerabilities have been reported in the SUSE software, which can be exploited by malicious people to disclose certain information, to disclose potentially sensitive information, to hijack a user’s session, to conduct DNS cache poisoning attacks, to conduct spoofing attacks, to manipulate certain data, to gain escalated privileges, to cause a Denial of Service condition and to compromise a vulnerable system.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00038.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00050.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00039.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00036.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00037.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00021.htm

https://secunia.com/advisories/47684

https://secunia.com/advisories/47635

https://secunia.com/advisories/47647

https://secunia.com/advisories/47655

https://secunia.com/advisories/47662

https://secunia.com/advisories/47672

https://secunia.com/advisories/47674

https://secunia.com/advisories/47645

Vulnerability:  Trend Micro DataArmor / DriveArmor Privilege Escalation Vulnerability

Affected Software:

  • Trend Micro DataArmor 3.x
  • Trend Micro DriveArmor 3.x

Explanation: A single vulnerability has been reported in Trend Micro DataArmor and Trend Micro DriveArmor, which can be exploited by malicious local users with physical access to gain escalated privileges.

Recommendation: Review the following advisories and have the software updated by your IT team or service provider as soon as possible after appropriate testing.

http://esupport.trendmicro.com/solution/en-us/1060043.aspx

https://secunia.com/advisories/47759