CVE-2010-2011
Published 2010-05-21
Priority: P4 · CVSS 2.0: 4.0 (medium) · vector AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 10.74% (95.3rd percentile)
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.
CVSS provenance
NVD (CVSS v2.0): 4.0 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat: 7.5 HIGH
GHSA
CVE-2010-2011 [MEDIUM] GHSA-j9fh-4mc8-rjqx
ghsa_unreviewed · 2022-05-17
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.
Red Hat
CVE-2011-1782 [HIGH] Gimp: Incomplete fix for CVE-2010-4543 PSP plug-in heap overflow issue
vendor_redhat · 2011-05-23 · CVSS 7.5
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.
Package: gimp (Red Hat Enterprise Linux 4) - Not affected
Package: gimp (Red Hat Enterprise Linux 5) - Not affected
Package: gimp (Red Hat Enterprise Linux 6) - Affected
Red Hat
CVE-2011-1586 [MEDIUM] CWE-73 kdenetwork: incomplete fix for CVE-2010-1000
vendor_redhat · 2011-04-11 · CVSS 5.8
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Red Hat
CVE-2011-1479 [MEDIUM] kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
vendor_redhat · 2011-04-05 · CVSS 4.9
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Package: kernel (Red Hat Enterprise Linux 6) - Affected
Package: kernel (Red Hat Enterprise Linux Extended Update Su
Red Hat
CVE-2010-4472 [LOW] OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263)
vendor_redhat · 2011-02-15 · CVSS 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Red Hat
CVE-2010-4022 [MEDIUM] krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
vendor_redhat · 2011-02-08 · CVSS 5.0
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7).
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Red Hat
CVE-2011-0445 [MEDIUM] wireshark: DoS via crafted packets to ASN.1 BER dissector (upstream bug #5537)
vendor_redhat · 2011-01-11 · CVSS 5.0
The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
Package: wireshark (Red Hat Enterprise Linux 4) - Not affected
Package: wireshark (Red Hat Enterprise Linux 5) - Not affected
Package: wireshark (Red Hat Enterprise Linux 6) - Not affected
Red Hat
CVE-2011-1467 [MEDIUM] php: NumberFormatter: set a symbol value crash (DoS) on bogus values
vendor_redhat · 2010-12-07 · CVSS 5.0
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
Statement: This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. T
Red Hat
CVE-2010-4160 [MEDIUM] kernel: L2TP send buffer allocation size overflows
vendor_redhat · 2010-11-01 · CVSS 6.9
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.
Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include L2TP functionality and is therefore not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
Suricata
CVE-2010-3654 ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt
suricata · 2011-07-15
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt"; flow:established,to_client; flowbits:isset,ET.flash.pdf; file.data; content:"|07 07 02 17 07 06 1A 07 1B 1B 07 02 1C 07 07 1E|"; reference:bid,44504; reference:cve,2010-3654; classtype:attempted-user; sid:2013282; rev:5; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_07_15, cve CVE_2010_3654, deployment Perimeter, confidence High, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Pu
Suricata
CVE-2010-3272 ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
suricata · 2011-06-09
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; fast_pattern; http.request_body; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:4; metadata:created_at 2011_06_09, cve CVE_2010_3272, confidence Medium, signature_severity Major, updated_at 2020_1
Suricata
CVE-2010-1119 ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt
suricata · 2011-03-16
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt"; flow:established,to_client; file.data; content:"document.getElementById|28|"; nocase; content:"id.getAttributeNode|28|"; nocase; distance:0; content:"attribute.childNodes"; nocase; distance:0; content:"document.body.removeChild|28|"; nocase; distance:0; content:"attribute.removeChild|28|"; fast_pattern; nocase; distance:0; reference:bid,40642; reference:cve,2010-1119; classtype:attempted-user; sid:2012509; rev:3; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_03_16, cve CVE_2010_1119,
Exploit-DB
CVE-2011-1892 [MEDIUM] SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
exploitdb · 2011-09-20 · CVSS 4.0
]>
&boom;
poc filename: xee.xsl
Exploit-DB
CVE-2010-3333 [HIGH] Microsoft Office 2010 - '.RTF' Header Stack Overflow
exploitdb · 2011-07-03 · CVSS 7.8
---
# Exploit Title: MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit
# Date: 7/3/2011
# Author: Snake ( Shahriyar.j gmail )
# Version: MS Office
# unfortunately msgr3en.dll loads a few seconds after opening Office,
# so you just need to open Office, then open the exploit after a few seconds and see a nice calc.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
# http://www.exploit-db.com/docs/17469.pdf
#
# me : twitter.com/ponez
# also check here for Persian docs of these methods and more :
# http://www.0days.ir/article/
#
# and the Rop :
3F2CB9E0 POP ECX
RETN
# HeapCreate() IAT = 3F10115C
3F389CA5 MOV EAX,DWORD PTR DS:[ECX]
RETN
# EAX == HeapCreate() Address
3F39AFCF CALL EAX
RETN
# Call HeapCreate() and Cr
Exploit-DB
CVE-2010-1555 HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)
exploitdb · 2011-03-25
---
##
# $Id: hp_nnm_getnnmdata_hostname.rb 12131 2011-03-25 00:46:59Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HEAD', :uri => '/OvCgi/getnnmdata.exe', :pattern => /Hewlett-Packard Development Company/ }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow',
'Descrip
Exploit-DB
CVE-2010-1552 HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Remote Buffer Overflow (Metasploit)
exploitdb · 2011-03-23
---
##
# $Id: hp_nnm_snmpviewer_actapp.rb 12098 2011-03-23 15:47:20Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HEAD', :uri => '/OvCgi/snmpviewer.exe', :pattern => /Hewlett-Packard Development Company/ }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow',
'Description' => %q{
This module exp
Exploit-DB
CVE-2010-1960 HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)
exploitdb · 2011-03-23
---
##
# $Id: hp_nnm_ovwebsnmpsrv_uro.rb 12095 2011-03-23 15:43:25Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HEAD', :uri => '/OvCgi/jovgraph.exe', :pattern => /Hewlett-Packard Development Company/ }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow',
'D
Exploit-DB
CVE-2010-4452 Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
exploitdb · 2011-03-16
---
##
# $Id: java_codebase_trust.rb 11983 2011-03-16 05:01:29Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
class Metasploit3 'Sun Java Applet2ClassLoader Remote Code Execution Exploit',
'Description' => %q{
This module exploits a vulnerability in Java Runtime Environment
that allows an attacker to escape the Java Sandbox. By supplying a
codebase that points at a trusted directory and a code that is a URL that
does not contain an dots an applet can run without the sandb
Exploit-DB
CVE-2010-4321 Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit)
exploitdb · 2011-03-07
---
##
# $Id: novelliprint_getdriversettings_2.rb 11888 2011-03-07 02:28:15Z bannedit $
##
###
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Novell iPrint Client ActiveX Control %q{
This module exploits a stack buffer overflow in Novell iPrint Client 5.52. When
sending an overly long string to the GetDriverSettings() property of ienipp.ocx
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' =>
[
'mr_me ', # metasploit module
'Dr_IDE' #
Exploit-DB
CVE-2010-3591 [CRITICAL] Oracle Document Capture - 'empop3.dll' Insecure Methods
exploitdb · 2011-01-26 · CVSS 9.3
---
Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt
ActiveX components contain insecure methods.
Digital Security Research Group [DSecRG] Advisory DSECRG-11-005 (internal #DSECRG-00154)
Application: Oracle Document Capture
Versions Affected: Release 10gR3
Vendor URL: www.oracle.com
Bugs: insecure method, File overwriting, File deleting
Exploits: YES
Reported: 22.03.2010
Vendor response: 31.03.2010
Date of Public Advisory: 24.01.2011
CVE-number: CVE-2010-3591
Author: Evdokimov Dmitriy from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
Oracle Document Capture contains ActiveX components in empop3.dll that expose insecure methods.
Details
Oracle Document Captu
Exploit-DB
CVE-2010-4335 CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit)
exploitdb · 2011-01-14
---
##
# $Id: cakephp_cache_corruption.rb 11579 2011-01-14 16:25:37Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'CakePHP %q{
CakePHP is a popular PHP framework for building web applications.
The Security component of CakePHP is vulnerable to an unserialize attack which
could be abused to allow unauthenticated attackers to execute arbitrary
code with the permissions of the webserver.
},
'Author' =>
[
'tdz',
'Felix Wilhelm', # poc
],
'License' => MSF_LICENSE,
'Version' => '$Revis
Exploit-DB
CVE-2010-1799 Apple QuickTime 7.6.6 - Invalid SMIL URI Buffer Overflow (Metasploit)
exploitdb · 2011-01-08
---
##
# $Id: apple_quicktime_smil_debug.rb 11513 2011-01-08 00:25:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 OperatingSystems::WINDOWS,
:javascript => true,
:rank => NormalRanking, # reliable memory corruption
:vuln_test => nil,
})
def initialize(info = {})
super(update_info(info,
'Name' => 'Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Apple QuickTime
7.6.6. When processing a malf
Bugzilla
CVE-2010-4563 [MEDIUM] kernel: ipv6: sniffer detection
bugzilla · 2012-02-09 · CVSS 5.0
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
References:
http://seclists.org/dailydave/2011/q2/25
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563
Discussion:
Statement:
The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Bugzilla
CVE-2011-2999 [MEDIUM] Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
bugzilla · 2011-09-28 · CVSS 4.3
Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10.
References:
http://www.mozilla.org/security/announce/2011/mfsa2011-38.html
https://bugzilla.mozilla.org/show_bug.cgi?id=665548
Discussion:
This issue has been addressed in following products:
Red Hat En
Bugzilla
CVE-2010-4819 [LOW] X.org: ProcRenderAddGlyphs input sanitization flaw
bugzilla · 2011-09-23 · CVSS 3.6
It was reported [1] that ProcRenderAddGlyphs() suffered from an input sanitization flaw. This could allow a local attacker to possibly expose arbitrary memory or crash the X server.
This has been fixed upstream [2].
[1] https://bugs.freedesktop.org/show_bug.cgi?id=28801
[2] http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718
Discussion:
This doesn't affect Fedora 14+ (xorg-server-1.9.5) as the patch in [2] is applied.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1359 https://rhn.redhat.com/errata/RHSA-2011-1359.html
---
This issue has been addressed in following products:
Red Hat
Bugzilla
CVE-2010-4451 [HIGH] JDK unspecified vulnerability in Install component
bugzilla · 2011-02-16 · CVSS 7.6
Update 24 of Oracle/Sun Java fixes an unspecified vulnerability in the Install component (CVE-2010-4451). The CVSSv2 score assigned upstream is cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C
Reference:
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Extras for RHEL 4
Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
Bugzilla
CVE-2010-4447 [MEDIUM] JDK unspecified vulnerability in Deployment component
bugzilla · 2011-02-16 · CVSS 4.3
Update 24 of Oracle/Sun Java fixes an unspecified vulnerability in the Deployment component (CVE-2010-4447). The CVSSv2 score assigned upstream is cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N
Reference:
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Extras for RHEL 4
Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Extras for RHEL 4
Via RHSA-2011:0357 https://rhn.redhat.
Bugzilla
CVE-2010-4471 [MEDIUM] OpenJDK Java2D font-related system property leak (6985453)
bugzilla · 2011-02-08 · CVSS 5.0
A vulnerability was discovered in the 2D subcomponent. Exceptions thrown when processing broken CFF fonts could leak system property values.
This issue (CVE-2010-4471) is not exploitable when using OpenJDK on Red Hat Enterprise Linux 5 and 6; however, the fix was added as a defense in depth.
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Extras for RHEL 4
Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0281 https://rhn.redhat.com/errata/RHSA-2011-0281.html
-
Bugzilla
CVE-2010-4465 [CRITICAL] OpenJDK Swing timer-based security manager bypass (6907662)
bugzilla · 2011-02-08 · CVSS 10.0
A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories.
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Extras for RHEL 4
Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0281 https://rhn.redhat.com/errata/RHSA-2011-0281.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Ha
Bugzilla
CVE-2011-0445 [MEDIUM] wireshark: DoS via crafted packets to ASN.1 BER dissector (upstream bug #5537)
bugzilla · 2011-01-13 · CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0445 to the following vulnerability:
Name: CVE-2011-0445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0445
Assigned: 20110112
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2011-02.html
Reference: CONFIRM: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5537
Reference: VUPEN:ADV-2011-0079
Reference: URL: http://www.vupen.com/english/advisories/2011/0079
The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.
Discussion:
Created wireshark tracking bugs
Bugzilla
CVE-2010-1679 [MEDIUM] CVE-2011-0402 dpkg various flaws [fedora-all]
bugzilla · 2011-01-12 · CVSS 6.8
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=668922
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2010-4165 [MEDIUM] kernel: possible kernel oops from user MSS
bugzilla · 2010-11-12 · CVSS 4.9
With commit f5fff5dc8a7a3f395b0525c02ba92c95d42b7390, a user program can pass in TCP_MAXSEG of 12 (or TCPOLEN_TSTAMP_ALIGNED), and cause a kernel oops with division by 0 in tcp_select_initial_window.
Proposed patch:
http://www.spinics.net/lists/netdev/msg146495.html
Reference:
http://www.spinics.net/lists/netdev/msg146405.html
Acknowledgements:
Red Hat would like to thank Steve Chen for reporting this issue.
Discussion:
Statement:
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0
Bugzilla
CVE-2010-3879 [MEDIUM] CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack
bugzilla · 2010-11-08 · CVSS 5.8
It was reported [1],[2] that the fusermount tool was vulnerable to a race condition between mounting a user filesystem and updating mtab using the standard mount command. If a user were able to win the race, the real mount entry and the mtab entry would differ, making the fuse-mounted filesystem not unmountable by an unprivileged user. Crafted mtab entries can then be used to trick fusermount into believing that a certain part of the filesystem is a user-space filesystem, and will unmount what should be a privileged filesystem (as demonstrated by unmounting /proc).
According to the SUSE bug report [3], this would affect fuse versions before 2.8.2 or util-linu
Bugzilla
CVE-2010-3654 [CRITICAL] flash-plugin: security bulletin APSB10-26
bugzilla · 2010-11-04 · CVSS 9.3
On 2011-11-04 Adobe plans to release an update for Adobe Flash Player, providing 10.1.102.64 and 9.0.289.0 to address multiple security issues allowing code execution. The flaws are described in the Adobe Security Bulletin APSB10-26:
http://www.adobe.com/support/security/bulletins/apsb10-26.html
* This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).
* This update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).
* This update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).
* This update resolves an information disclosu
References:
http://blogs.msdn.com/developingfordynamicsgp/archive/2008/10/02/why-does-microsoft-dynamics-gp-encrypt-passwords.aspx
http://slashdot.org/story/10/05/21/1437227
http://www.christopherkois.com/?p=448
Published: 2010-05-21