Jamie Strandboge

**Name of the Vulnerable Software and Affected Versions** OpenStack Nova versions prior to 2012.1 **Description** The issue allows someone with access to an `EC2 ACCESS KEY` (equivalent to a username) to obtain the `EC2 SECRET KEY` (equivalent to a password). Exposing the `EC2 ACCESS KEY` via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the `EC2 SECRET KEY`. An attacker could also presumably brute force values for `EC2 ACCESS KEY`. **Recommendations** For OpenStack Nova versions prior to 2012.1, update to version 2012.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `EC2 ACCESS KEY` and `EC2 SECRET KEY` to minimize the risk of exploitation. Avoid using http for transmitting `EC2 ACCESS KEY` and consider using secure communication protocols to protect against man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions 1.9.3 through 1.9.5 **Description** The issue allows remote attackers to overwrite arbitrary files via a `..` (dot dot) in a file name, due to a directory traversal vulnerability in the ` do attachment move` function in the AttachFile action (`action/AttachFile.py`). **Recommendations** For MoinMoin versions 1.9.3 through 1.9.5, consider disabling the ` do attachment move` function in the AttachFile action until a patch is available. Restrict access to the AttachFile action to minimize the risk of exploitation. Avoid using file names containing `..` (dot dot) in the affected AttachFile action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions prior to 1.9.6 **Description** The issue allows remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. This can potentially be leveraged to execute arbitrary code. **Recommendations** For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting write permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions prior to 1.9.6 **Description** The issue allows remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. This has been exploited in the wild in July 2012. The vulnerabilities are found in the twikidraw (`action/twikidraw.py`) and anywikidraw (`action/anywikidraw.py`) actions. **Recommendations** For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting write permissions or disabling the `action/twikidraw.py` and `action/anywikidraw.py` actions until a patch is applied. Avoid using these actions to upload files with executable extensions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ownCloud versions prior to 4.0.9 ownCloud versions prior to 4.5.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the file name to `apps/files versions/js/versions.js` or `apps/files/js/filelist.js`, or the event title to `3rdparty/fullcalendar/js/fullcalendar.js`. **Recommendations** For ownCloud versions prior to 4.0.9, update to version 4.0.9 or later. For ownCloud versions prior to 4.5.0, update to version 4.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** ownCloud versions prior to 4.0.9 ownCloud versions prior to 4.5.0 **Description** The issue concerns the "Lost Password" reset functionality, which does not properly check the security token. This allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack." **Recommendations** For ownCloud versions prior to 4.0.9, update to version 4.0.9 or later. For ownCloud versions prior to 4.5.0, update to version 4.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** ownCloud versions 4.5.x through 4.5.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters. This affects the apps/user webdavauth/settings.php file. **Recommendations** For ownCloud versions 4.5.x through 4.5.1, update to version 4.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ownCloud versions prior to 4.5.2 **Description** The issue allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. This is due to an incomplete blacklist vulnerability in lib/migrate.php. **Recommendations** For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the execution of PHP code in uploaded files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** APT versions 0.7.x through 0.7.24 APT versions 0.8.x through 0.8.15 **Description** The issue allows remote attackers to install altered packages via a man-in-the-middle (MITM) attack, because it relies on GnuPG argument order and does not check GPG subkeys when using the `apt-key net-update` to import keyrings. **Recommendations** For APT versions 0.7.x through 0.7.24, update to version 0.7.25 or later. For APT versions 0.8.x through 0.8.15, update to version 0.8.16 or later.

**Name of the Vulnerable Software and Affected Versions** BackupPC versions 3.0.0 through 3.2.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `num` parameter in a view action to "index.cgi", related to the log file viewer. **Recommendations** For versions 3.0.0 through 3.2.1, as a temporary workaround, consider restricting access to the "index.cgi" endpoint until a patch is available. Avoid using the `num` parameter in the affected "index.cgi" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV version 0.96 **Description** The issue is related to an off-by-one error in the parseicon function, which can cause a denial of service (crash) when processing a crafted PE icon. This occurs due to an out-of-bounds read triggered by improper rounding during scaling. **Recommendations** For ClamAV version 0.96, consider updating to a newer version that addresses this issue, as the current version is affected by the off-by-one error in the parseicon function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.4.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in the daemon hanging or crashing. This is achieved by sending a long line that triggers excessive memory allocation. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions 1.8.7 through 1.9.2 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI, which is a result of a cross-site scripting (XSS) vulnerability in the Despam action module, specifically in the action/Despam.py file. **Recommendations** For versions 1.8.7 and 1.9.2, consider restricting access to the Despam action module until a patch is available. As a temporary workaround, avoid using the Despam action module in MoinMoin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** gnome-screensaver version 2.28.0 **Description** The issue allows physically proximate attackers to access an unattended workstation where screen locking was intended, due to gnome-screensaver not resuming its activation settings after an inhibiting application becomes unavailable on the session bus. **Recommendations** For gnome-screensaver version 2.28.0, consider disabling the screensaver functionality until a patch is available, and ensure that workstations are properly secured when unattended to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions 1.7 through 1.8.1 **Description** A cross-site scripting (XSS) issue exists in the antispam feature, located in security/antispam.py, allowing remote attackers to inject arbitrary web script or HTML via crafted, disallowed content. **Recommendations** For MoinMoin versions 1.7 through 1.8.1, consider disabling the antispam feature until a patch is available. Restrict access to the security/antispam.py module to minimize the risk of exploitation.