Jan Lieskovsky

**Nome do software vulnerável e versões afetadas** Versões do Xchat-WDK anteriores à 1499-4 Versão 2.8.6 do Xchat **Descrição** Um estouro de buffer baseado na pilha (heap) poderia permitir que invasores remotos causassem uma negação de serviço ou executassem código arbitrário por meio de uma linha UTF-8 do servidor contendo caracteres fora do Plano Multilíngue Básico (BMP). **Recomendações** Para versões do Xchat-WDK anteriores à 1499-4, atualize para a versão 1499-4 ou posterior para resolver o problema. Para a versão 2.8.6 do xchat, considere desativar o tratamento de linhas UTF-8 provenientes de servidores até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas: Versões do kdeplasma-addons anteriores à 4.10.5 Descrição: O problema diz respeito à macro %{password(...)} no arquivo pastemacroexpander.cpp, que não gera senhas corretamente. Isso permite que invasores contornem a autenticação por meio de um ataque de força bruta. Recomendações: Para versões anteriores à 4.10.5, atualize para a versão 4.10.5 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a áreas confidenciais que dependem da macro %{password(...)} para autenticação até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Versões do fwknop anteriores à 2.0.3 **Descrição** A vulnerabilidade permite que usuários remotos autenticados provoquem uma negação de serviço, resultando em uma falha do servidor, ou possivelmente executem código arbitrário. **Recomendações** Para versões anteriores à 2.0.3, atualize para a versão 2.0.3 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões 2.0.x a 2.0.0 do Zend Framework **Descrição** Várias vulnerabilidades de script entre sites (XSS) permitem que invasores remotos injetem scripts da Web ou HTML arbitrários por meio de entradas não especificadas em vários componentes, incluindo (1) Debug, (2) FeedPubSubHubbub, (3) LogFormatterXml, (4) TagCloudDecorator, (5) Uri, (6) ViewHelperHeadStyle, (7) ViewHelperNavigationSitemap ou (8) ViewHelperPlaceholderContainerAbstractStandalone, relacionadas ao Escaper. **Recomendações** Para as versões 2.0.x a 2.0.0, atualize para a versão 2.0.1 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir a entrada nos componentes afetados, como Debug, FeedPubSubHubbub, LogFormatterXml, TagCloudDecorator, Uri, ViewHelperHeadStyle, ViewHelperNavigationSitemap ou ViewHelperPlaceholderContainerAbstractStandalone, até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Freeciv versions prior to 2.3.4 **Description** A denial of service flaw was found in the way the server component of Freeciv processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption. **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the server component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Java SE 7 as provided by OpenJDK 7 **Description** An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation incorrectly initialized integer arrays after memory allocation, potentially allowing them to have nonzero elements right after allocation. A remote attacker could use this flaw to obtain potentially sensitive information. **Recommendations** For Java SE 7 as provided by OpenJDK 7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LDAP Account Manager (LAM) Pro version 3.6 **Description** A Cross-Site Scripting (XSS) issue exists in the filter parameter to "cmd.php" in an export and exporter id action, and the filteruid parameter to "list.php". **Recommendations** For LDAP Account Manager (LAM) Pro version 3.6, consider disabling access to the "cmd.php" and "list.php" scripts until a patch is available, or restrict the use of the `filter` and `filteruid` parameters in these scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LDAP Account Manager (LAM) Pro version 3.6 **Description** A Cross-Site Scripting (XSS) issue exists in the export, add value form, and dn parameters to "cmd.php" API endpoint. This allows for potential malicious script execution. **Recommendations** For LDAP Account Manager (LAM) Pro version 3.6, consider restricting access to the "cmd.php" API endpoint until a patch is available. As a temporary workaround, avoid using the `export`, `add value form`, and `dn` parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jasig Project php-pear-CAS version 1.2.2 **Description** An Information Disclosure issue exists in the Jasig Project php-pear-CAS package. The Central Authentication Service client library archives the debug logging file in an insecure manner in the /tmp directory. **Recommendations** For Jasig Project php-pear-CAS version 1.2.2, consider restricting access to the debug logging file in the /tmp directory to minimize the risk of exploitation. As a temporary workaround, avoid using the debug logging feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Yaws version 1.91 **Description** The issue arises from the way certain URLs are processed, allowing a remote authenticated user to exploit a directory traversal flaw. This could enable the user to obtain the content of arbitrary local files by sending specially-crafted URL requests. **Recommendations** For Yaws version 1.91, consider restricting access to sensitive local files until a patch is available. As a temporary workaround, carefully validate and sanitize all URL requests to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** hardlink versions prior to 0.1.2 **Description** The issue arises from the way hardlink processes directory trees with deeply nested directories, leading to multiple stack-based buffer overflow flaws. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it. This could result in the hardlink executable crashing or potentially executing arbitrary code with the privileges of the user running the hardlink executable. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the consolidation of directory trees with deeply nested directories until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 **Description** The issue allows a remote attacker to bypass or corrupt the integrity of services that rely on strong private RSA key generation mechanisms, due to the generation of an exponent value of '1' for private RSA key generation. **Recommendations** For versions after 2011-09-01 up to 2011-11-03, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yubico PAM Module versions prior to 2.10 **Description** The issue allows a remote attacker to bypass the common authentication process by providing a NULL value as the password string, potentially gaining access to an account. This can be achieved by pressing the Ctrl-D keyboard sequence when the `use first pass` PAM configuration option is not used and the module is configured as 'sufficient' in the PAM configuration. **Recommendations** For Yubico PAM Module versions prior to 2.10, update to version 2.10 or later to resolve the issue. As a temporary workaround, consider configuring the `use first pass` PAM configuration option or changing the module configuration to 'required' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hardlink versions prior to 0.1.2 **Description** The issue arises from multiple integer overflows that lead to heap-based buffer overflows due to the way string lengths are concatenated in the calculation of the required memory space. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, potentially leading to a hardlink executable crash or arbitrary code execution with user privileges. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of hardlink to prevent consolidation of potentially malicious directory trees until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Drupal Views Bulk Operations (VBO) module versions 6.x-1.0 through 6.x-1.10 **Description** The issue arises from the improper escaping of vocabulary help in the Drupal Views Bulk Operations (VBO) module when user tagging is enabled and the "Modify node taxonomy terms" action is used. This could allow a remote attacker to provide a specially-crafted URL, potentially leading to a cross-site scripting (XSS) attack. **Recommendations** For versions 6.x-1.0 through 6.x-1.10, consider disabling the "Modify node taxonomy terms" action until a proper fix is available to prevent potential XSS attacks. Restrict access to user tagging functionality in the vocabulary to minimize the risk of exploitation. Avoid using the vulnerable module for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zope versions 2.8.x through 2.8.11 Zope versions 2.9.x through 2.9.11 Zope versions 2.10.x through 2.10.10 Zope versions 2.11.x through 2.11.5 Zope versions 2.12.x through 2.12.2 Zope versions 3.1.1 through 3.4.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. This issue exists due to an incomplete fix. **Recommendations** For Zope versions 2.8.x through 2.8.11, update to version 2.8.12 or later. For Zope versions 2.9.x through 2.9.11, update to version 2.9.12 or later. For Zope versions 2.10.x through 2.10.10, update to version 2.10.11 or later. For Zope versions 2.11.x through 2.11.5, update to version 2.11.6 or later. For Zope versions 2.12.x through 2.12.2, update to version 2.12.3 or later. For Zope versions 3.1.1 through 3.4.1, update to a version later than 3.4.1.

**Name of the Vulnerable Software and Affected Versions** quagga version 0.99.21 **Description** The issue is related to a denial of service flaw in the way the ospf6d daemon performs routes removal. **Recommendations** For quagga version 0.99.21, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libuser (affected versions not specified) **Description** The issue is related to information disclosure when the user's home directory is moved. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** evolution-data-server3 versions 3.0.3 through 3.2.1 **Description** The issue arises when the Sent folder is located on a remote server, and the software uses an insecure, non-SSL connection to store sent email messages. This flaw could allow an attacker to obtain the login credentials of the victim. **Recommendations** For evolution-data-server3 versions 3.0.3 through 3.2.1, consider configuring the software to use a secure SSL connection when storing sent email messages in the Sent folder on a remote server. As a temporary workaround, restrict access to the Sent folder on the remote server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openvas-scanner versions prior to 2011-09-11 **Description** The issue allows a local attacker to conduct symlink attacks, potentially overwriting arbitrary files on the system. This is due to the insecure creation of a temporary file when generating OVAL system characteristics documents with the ovaldi integrated tool enabled. **Recommendations** For versions prior to 2011-09-11, update to a version released after 2011-09-11 to resolve the issue. As a temporary workaround, consider disabling the ovaldi integrated tool until a patch is available. Restrict access to the temporary files generated by openvas-scanner to minimize the risk of exploitation.