Thomas Biege

**Nome do software vulnerável e versões afetadas** open-vm-tools versão 2009.03.18-154848 **Descrição** Foi descoberta uma vulnerabilidade no open-vm-tools que permite que usuários locais obtenham privilégios por meio de um ataque de link simbólico em arquivos do diretório /tmp, caso o `vmware-user-suid-wrapper` esteja configurado com setuid root e a função `ChmodChownDirectory` esteja habilitada. **Recomendações** Para a versão 2009.03.18-154848 do open-vm-tools, considere desativar a função `ChmodChownDirectory` ou remover o bit setuid root do `vmware-user-suid-wrapper` como uma solução temporária para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** rhn-proxy (affected versions not specified) **Description** The issue is related to the transmission of credentials over clear-text when accessing RHN Satellite. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails version 2.3 **Description** The issue concerns the encrypt/decrypt functions in Ruby on Rails, which are susceptible to padding oracle attacks. **Recommendations** For Ruby on Rails version 2.3, update to a version that includes a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** crowbar versions prior to 2012-10-02 **Description** The issue concerns the creation of files with insecure permissions by the install-chef-suse.sh script, allowing local users to access confidential data. **Recommendations** For versions prior to 2012-10-02, consider updating the install-chef-suse.sh script to create files with secure permissions to prevent unauthorized access to confidential data.

**Name of the Vulnerable Software and Affected Versions** SUSE Studio Onsite versions prior to 1.0.3-0.18.1 SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1 **Description** A vulnerability in SUSE Studio Onsite allows authenticated users to execute arbitrary SQL statements via SQL injection. This issue affects the listing of available software. **Recommendations** For SUSE Studio Onsite versions prior to 1.0.3-0.18.1, update to version 1.0.3-0.18.1 or later. For SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1, update to version 1.1.2-0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** kiwi versions prior to 4.98.08 SUSE Studio Onsite versions prior to 1.2.1 SUSE Studio Extension for System z versions prior to 1.2.1 **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to `chown`. **Recommendations** For kiwi versions prior to 4.98.08, update to version 4.98.08 or later to resolve the issue. For SUSE Studio Onsite versions prior to 1.2.1, update to version 1.2.1 or later. For SUSE Studio Extension for System z versions prior to 1.2.1, update to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Studio Onsite versions 1.2 through 1.2 before 1.2.1 SUSE Studio Extension for System z versions 1.2 through 1.2 before 1.2.1 kiwi versions prior to 4.98.05 **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in an image name. **Recommendations** For SUSE Studio Onsite version 1.2, update to version 1.2.1. For SUSE Studio Extension for System z version 1.2, update to version 1.2.1. For kiwi versions prior to 4.98.05, update to version 4.98.05 or later.

**Name of the Vulnerable Software and Affected Versions** Spacewalk version 1.6 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `url bounce` parameter. This can be exploited by including a malicious URL in the `url bounce` parameter, potentially leading to phishing attacks. **Recommendations** For Spacewalk version 1.6, consider restricting access to the `url bounce` parameter to minimize the risk of exploitation. Avoid using the `url bounce` parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Performance Co-Pilot (PCP) versions prior to 3.6.10 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. This is due to a vulnerability in the pcmd and pmlogger init scripts. **Recommendations** For versions prior to 3.6.10, update to version 3.6.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/tmp directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Crowbar versions 1.4 and earlier **Description** The issue is related to insecure handling of temporary files and predictable file names in the Crowbar Ohai plugin, allowing local users to execute arbitrary shell commands. **Recommendations** For Crowbar versions 1.4 and earlier, consider restricting access to the Crowbar Ohai plugin to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) version 2012.1 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `next` parameter to the "/auth/login/" API endpoint. **Recommendations** For OpenStack Dashboard (Horizon) version 2012.1, as a temporary workaround, consider restricting access to the `/auth/login/` API endpoint to minimize the risk of exploitation. Avoid using the `next` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) versions folsom-1 through 2012.1 **Description** A session fixation issue allows remote attackers to hijack web sessions via the `sessionid` cookie. **Recommendations** For OpenStack Dashboard (Horizon) versions folsom-1 through 2012.1, consider regenerating session IDs after a user logs in to prevent session fixation attacks. As a temporary workaround, restrict access to sensitive operations that rely on session authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Spacewalk versions 1.2.39 Red Hat Network Satellite versions 5.3.0 through 5.4.1 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that disable the current user account, add user accounts, or modify user accounts to have administrator privileges. **Recommendations** For Spacewalk version 1.2.39, update to a version that fixes the CSRF vulnerability. For Red Hat Network Satellite versions 5.3.0 through 5.4.1, update to a version that fixes the CSRF vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Network (RHN) Satellite Server version 5.4 **Description** A session fixation issue in Red Hat Network Satellite Server allows remote attackers to hijack web sessions. The issue is related to Spacewalk, but the specific vectors are not specified. **Recommendations** For Red Hat Network (RHN) Satellite Server version 5.4, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 2.11.x before 2.11.10 **Description** The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. This is due to the `unserialize` function being called on the values of the `configuration` and `v[0]` parameters in the setup script. **Recommendations** For phpMyAdmin versions 2.11.x before 2.11.10, update to version 2.11.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions 1.0 through 1.0.8 ViewVC versions 1.1 through 1.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the `view` parameter. **Recommendations** For ViewVC versions 1.0 through 1.0.8, update to version 1.0.9 or later. For ViewVC versions 1.1 through 1.1.1, update to version 1.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions 1.0 through 1.0.8 ViewVC versions 1.1 through 1.1.1 **Description** The issue is related to printing illegal parameter names and values, and it has unknown impact and remote attack vectors. **Recommendations** For ViewVC versions 1.0 through 1.0.8, update to version 1.0.9 or later. For ViewVC versions 1.1 through 1.1.1, update to version 1.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Go-oo versions 2.x through 3.0.0 **Description** A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted EMF file. This issue is similar to a previously identified problem and is related to the OpenOffice.org (OOo) software. **Recommendations** For Go-oo versions 2.x through 3.0.0, update to version 3.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** open-vm-tools version 2009.03.18-154848 **Description** The issue is related to the mount.vmhgfs component of the open-vm-tools package, which incorrectly handles symbolic links before accessing a file. This can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs. **Recommendations** For open-vm-tools version 2009.03.18-154848, consider disabling the mount.vmhgfs component until a patch is available to prevent exploitation via a symlink attack. Restrict access to the mount.vmhgfs component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 7.0.0 through 7.0.70.0 Adobe Flash Player versions 8.0.0 through 8.0.35.0 Adobe Flash Player versions 9.0.0 through 9.0.48.0 **Description** The issue is related to insecure permissions for memory used by Adobe Flash Player when running on Linux, which could allow local users to gain privileges. **Recommendations** For Adobe Flash Player versions 7.0.0 through 7.0.70.0, update to a version later than 7.0.70.0 to resolve the issue. For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0 to resolve the issue. For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0 to resolve the issue.