Vulnerability Summary for the Week of August 9, 2010
Released
Aug 16, 2010
Document ID
SB10-228
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- adaptive_security_appliance | Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567. | 2010-08-09 | 7.8 | CVE-2010-1578 CISCO SECUNIA |
| cisco -- adaptive_security_appliance | Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922. | 2010-08-09 | 7.8 | CVE-2010-1579 CISCO SECUNIA |
| cisco -- adaptive_security_appliance | Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753. | 2010-08-09 | 7.8 | CVE-2010-1580 CISCO SECUNIA |
| cisco -- adaptive_security_appliance | Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627. | 2010-08-09 | 7.8 | CVE-2010-1581 CISCO BID SECUNIA |
| cisco -- asa_5500 | Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506. | 2010-08-09 | 7.8 | CVE-2010-2814 CISCO BID SECUNIA |
| cisco -- asa_5500 | Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259. | 2010-08-09 | 7.8 | CVE-2010-2815 CISCO BID SECUNIA |
| cisco -- asa_5500 | Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. | 2010-08-09 | 7.8 | CVE-2010-2816 CISCO BID SECUNIA |
| cisco -- asa_5500 | Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507. | 2010-08-09 | 7.8 | CVE-2010-2817 CISCO BID SECUNIA |
| cisco -- firewall_services_module | Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61710. | 2010-08-09 | 7.8 | CVE-2010-2818 CISCO SECUNIA |
| cisco -- firewall_services_module | Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622. | 2010-08-09 | 7.8 | CVE-2010-2819 CISCO SECUNIA |
| cisco -- firewall_services_module | Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61662. | 2010-08-09 | 7.8 | CVE-2010-2820 CISCO SECUNIA |
| cisco -- firewall_services_module | Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694. | 2010-08-09 | 7.1 | CVE-2010-2821 CISCO SECUNIA |
| cisco -- unified_wireless_network_solution_software | The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access. | 2010-08-10 | 10.0 | CVE-2010-2976 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. | 2010-08-10 | 10.0 | CVE-2010-2977 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660. | 2010-08-10 | 10.0 | CVE-2010-2978 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. | 2010-08-10 | 7.8 | CVE-2010-2979 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. | 2010-08-10 | 7.8 | CVE-2010-2980 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. | 2010-08-10 | 7.1 | CVE-2010-2981 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037. | 2010-08-10 | 7.1 | CVE-2010-2982 CONFIRM |
| cisco -- unified_wireless_network_solution_software | The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374. | 2010-08-10 | 7.8 | CVE-2010-2983 CONFIRM |
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. | 2010-08-10 | 10.0 | CVE-2010-2984 CONFIRM |
| hp -- procurve_switch_2626 | Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. | 2010-08-09 | 8.3 | CVE-2010-2707 SECUNIA HP HP |
| ubuntu -- ubuntu_linux | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | 2010-08-10 | 9.3 | CVE-2010-0834 BID VUPEN UBUNTU SECUNIA |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cabextract -- cabextract | The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. | 2010-08-09 | 4.3 | CVE-2010-2800 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM |
| cabextract -- cabextract | Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. | 2010-08-09 | 5.1 | CVE-2010-2801 VUPEN CONFIRM CONFIRM CONFIRM CONFIRM XF VUPEN BID DEBIAN MLIST MLIST CONFIRM |
| cisco -- wireless_control_system_software | Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288. | 2010-08-10 | 4.3 | CVE-2010-2986 MISC BID BUGTRAQ CONFIRM SECUNIA |
| cisco -- wireless_control_system_software | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854. | 2010-08-10 | 4.3 | CVE-2010-2987 CONFIRM SECUNIA |
| cisco -- unified_wireless_network_solution_software | Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. | 2010-08-10 | 4.3 | CVE-2010-2988 CONFIRM SECUNIA |
| hp -- procurve_switch_1800-24g | Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors. | 2010-08-09 | 6.1 | CVE-2010-2705 HP HP SECUNIA |
| hp -- procurve_switch_2610 | Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. | 2010-08-09 | 6.1 | CVE-2010-2706 SECUNIA HP HP |
| hp -- procurve_switch_2610 | Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. | 2010-08-09 | 6.1 | CVE-2010-2708 SECUNIA HP HP |
| ibm -- websphere_service_registry_and_repository | Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do. | 2010-08-10 | 4.3 | CVE-2010-2985 BID AIXAPAR SECUNIA |
| nessus -- web_server_plugin | nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response. | 2010-08-10 | 5.0 | CVE-2010-2989 CONFIRM BUGTRAQ |
| redhat -- jboss_enterprise_soa_platform | The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request. | 2010-08-10 | 5.0 | CVE-2010-2493 CONFIRM CONFIRM CONFIRM SECUNIA |
| rsa -- envision | RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors. | 2010-08-10 | 4.0 | CVE-2010-2634 BUGTRAQ |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- unified_wireless_network_solution_software | Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544. | 2010-08-10 | 2.1 | CVE-2010-2975 CONFIRM |
| mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action. | 2010-08-10 | 2.1 | CVE-2010-2574 BUGTRAQ MISC SECUNIA |
| redhat -- jboss_enterprise_service_bus | JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. | 2010-08-10 | 3.5 | CVE-2010-2474 CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.