Vulnerability Summary for the Week of March 31, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity alliedtelesis ** at*rg+,-a The administrative interface in .llied Telesis .T* 2014-03-31 10.0 CVE-2014-1982 /0+,-. .&'L 1roadband router ,.32, iM0+3-. firmware ,.5, iM0+5+LH firmware 3.4, and iM0+-+1D firmware ,.5 allows remote attac$ers to gain #rivileges and e6ecute arbitrary commands via a direct re7uest to cli.html. androidsu ** 9ntrusted search #ath vulnerability in the 2014-03-31 10.0 CVE-2013-6774 chainsdd_su#eruser hainsDD 'u#eruser #ac$age ,.1.3 for .ndroid -.3.x and earlier, yanogenMod/ loc$;or$Mod:<oush 'u#eruser #ac$age 5.=.2.1 for .ndroid -.2.x and earlier, and hainfire 'u#er'9 #ac$age before 5.6> for .ndroid -.2.x and earlier allows attac$ers to load an arbitrary .jar file and gain #rivileges via a crafted 1OOT L.''P.TH environment variable for a :system:6bin:su #rocess. NOTE: another researcher was unable to re#roduce this with hainsDD 'u#eruser. autodes$ ** s$etchbook Hea#*based buffer overflow in .utodes$ 2014-04-02 9.3 CVE-2013-5365 '$etch1ook for Enter#rise 3=5-, Pro, and "6#ress before +.24, and opic Edition before 3.0.2 allows remote attac$ers to e6ecute arbitrary code via /L"*com#ressed channel data in a P'& file. ca ** erwin8web8#ortal Multi#le directory traversal vulnerabilities in . 2014-04-04 7.5 CVE-2014-2210 "/win ;eb Portal >.5 allow remote attac$ers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or #ossibly e6ecute arbitrary code via uns#ecified vectors. cart#au? ** mingle*forum Multi#le 'QL in?ection vulnerabilities in 2014-04-02 7.5 CVE-2013-0735 wpf.class.ph# in the Mingle Borum #lugin before 5.=.3- for ;ordPress allow remote attac$ers to e6ecute arbitrary 'QL commands via the id #arameter in a viewtopic (5) remove8#ost, (3) stic$y, or (,) closed action or (-) thread #arameter in a #ostre#ly action to inde6.ph#. chainfire ** su#ersu The hainfire 'u#er'9 #ac$age before 5.6> for 2014-03-31 10.0 CVE-2013-6775 .ndroid allows attac$ers to gain #rivileges via the (5) bac$tic$ or (3) C() type of shell metacharacters in the *c option to :system:6bin:su. chec$#oint ** Multi#le uns#ecified vulnerabilities in hec$ 2014-04-01 10.0 CVE-2013-7350 security_gateway Point 'ecurity 0ateway D= /E5.x before /E5.44 (E,=54>5-5) and /E4.2=.x before /E4.2=.4 and +== and 55== a##liances /E4.2=.x before /E4.2=.43 have un$nown im#act and attac$ vectors related to Fim#ortant security fi6es." coreft# ** core8ft# 'tac$*based buffer overflow in ore BTP before 2014-04-04 9.3 CVE-2013-3930 3.3 build 5ED4 allows remote BTP servers to e6ecute arbitrary code via a crafted directory name in a ;D command re#ly. crowbar ** barclam# 1arclam# (a$a barclam#*networ$) 5.7 for the 2014-04-04 7.5 CVE-2014-0592 rowbar Bramewor$, as used in '9'E loud ,, does not enable netfilter on bridges when creating new instances, which allows remote attac$ers to by#ass security grou# restrictions via uns#ecified vectors, related to floating %Ps. emc ** Directory traversal vulnerability in EM !PL"G 2014-04-01 9.0 CVE-2014-0632 vple68geosynchrony 0eoSynchrony -.x and 4.x before 4.3 allows remote authenticated users to e6ecute arbitrary code via uns#ecified vectors. emc ** The 09% in EM !PL"G 0eoSynchrony -.x and 4.x 2014-04-01 7.7 CVE-2014-0633 vple68geosynchrony before 4.3 does not #roperly validate session* timeout values, which might ma$e it easier for remote attac$ers to e6ecute arbitrary code by leveraging an unattended wor$station. emc ** 'ession fi6ation vulnerability in EM !PL"G 2014-04-01 7.5 CVE-2014-0635 vple68geosynchrony 0eoSynchrony -.x and 4.x before 4.3 allows remote attac$ers to hi?ac$ web sessions via uns#ecified vectors. horde ** The framewor$:9til/lib:Horde:!ariables.ph# 2014-04-01 7.5 CVE-2014-1691 horde8a##lication8frame scri#t in the 9til library in Horde before 4.1.1 wor$ allows remote attac$ers to conduct ob?ect in?ection attac$s and e6ecute arbitrary PHP code via a crafted serialized ob?ect in the 8formvars form. h# ** 9ns#ecified vulnerability in HP 'toreOnce !irtual 2014-03-28 7.8 CVE-2013-6211 storeonce83+5=8iscsi8bac 'torage .##liance (!'.) before ,.E.2, 'toreOnce $u#8system 3+66 and -35= i' '% 1ac$u# 'ystem before ,.9.=, 'toreOnce -35= B 1ac$u# 'ystem before ,.>.0, and 'toreOnce -666 1ac$u# 'ystem before ,.9.0 allows remote attac$ers to obtain sensitive information or cause a denial of service via un$nown vectors. ibm ** %1M '.N !olume ontrollerH 'torwize !,4==, 2014-03-28 7.5 CVE-2014-0880 fle68system8v7===8softw !,E==, !4===, and !E===H and Ble6 'ystem are !E=== with software +.3 and +.4 before +.4.1.8, and E.1 and E.2 before E.3.0.3, allow remote attac$ers to obtain L% access, and conse7uently cause a denial of service, via uns#ecified traffic to the administrative %P address. ?gaa ** warft#d 9ns#ecified vulnerability in ;ar BTP Daemon 2014-03-31 10.0 CVE-2013-2278 (warft#d) 5.83, when running as a ;indows service, allows remote attac$ers to cause a denial of service (crash) and #ossibly e6ecute arbitrary code via un$nown vectors related to log messages and the Finternal log handler to the ;indows "vent log." $oushi$8dutta ** The yanogenMod/ loc$;or$Mod:<oush 2014-03-31 10.0 CVE-2013-6769 su#eruser 'u#eruser #ac$age 5.0.2.1 for .ndroid allows attac$ers to gain #rivileges via shell metacharacters in the *c option to :system:6bin:su. $oushi$8dutta ** The yanogenMod/ loc$;or$Mod:<oush 2014-03-31 7.6 CVE-2013-6770 su#eruser 'u#eruser #ac$age 5.0.2.1 for .ndroid -.3 and -.- does not #ro#erly restrict the set of users who can e6ecute :system:6bin:su with the **daemon option, which allows attac$ers to gain #rivileges by leveraging .&1 shell access and a certain Linu6 9%D, and then creating a Trojan horse scri#t. linu6 ** linu68$ernel /ace condition in the ath8t68aggr8slee# 2014-04-01 7.1 CVE-2014-2672 function in drivers:net:wireless:ath:ath>$:6mit.c in the Linu6 $ernel before ,.1,.7 allows remote attac$ers to cause a denial of service (system crash) via a large amount of networ$ traffic that triggers certain list deletions. raoul_#roenca ** gnew Multi#le 'QL in?ection vulnerabilities in 0new 2014-03-31 7.5 CVE-2013-5640 3=5,.1 allow remote attac$ers to e6ecute arbitrary 'AL commands via the (5) answer8id or (3) 7uestion8id #arameter to #olls:vote.ph#, (,) story_id #arameter to comments:add.ph# or (-) comments:edit.ph#, or (4) thread_id #arameter to #osts:add.ph#. NOTE: this issue was 'PL%T due to differences in researchers and disclosure dates. !"*3=5,*E,-> already covers the news8id #arameter to news:send.ph#, user8email #arameter to users:register.ph#, and thread_id to #osts:edit.ph# vectors. raoul_#roenca ** gnew Multi#le 'QL in?ection vulnerabilities in 0new 2014-03-31 7.5 CVE-2013-7349 3=5,.1 allow remote attac$ers to e6ecute arbitrary 'AL commands via the (5) news8id #arameter to news:send.ph#, (3) thread_id #arameter to #osts:edit.ph#, or (,) user8email #arameter to users:#assword.ph# or (-) users:register.ph#. NOTE: these issues were 'PL%T from !"*3=5,*4+-= due to differences in researchers and disclosure dates. samsung ** $ies 1uffer overflow in the Pre#are'ync method in 2014-04-04 10.0 CVE-2012-6429 the 'ync'ervice.dll .ctiveG control in 'amsung <ies before 3.5.1.1353,838E allows remote attac$ers to e6ecute arbitrary code via a long string to the #assword argument. schneider*electric ** Multi#le stac$*based buffer overflows in 2014-04-01 9.3 CVE-2013-0662 conce#t ModbusDrv.e6e in 'chneider Electric Modbus 'erial Driver 5.1= through ,.2 allow remote attac$ers to e6ecute arbitrary code via a large buffer*size value in a Modbus .##lication Header. schneider*electric ** Multi#le buffer overflows in the OP .utomation 2014-04-04 7.8 CVE-2014-0789 opc8factory_server8tlxcdl 3.= 'erver Ob?ect .ctiveG control in 'chneider fofs Electric OP Bactory 'erver (@B') TLG &'9@B',, ,.4 and earlier, TLG &'T@B',, ,.5 and earlier, TLG DL9@B',, ,.4 and earlier, TLG DLT@B',, ,.4 and earlier, and TLG DLB@B',, ,.5 and earlier allow remote attac$ers to cause a denial of service via long arguments to uns#ecified functions. sonatype ** ne6us 9ns#ecified vulnerability in 'onatype Ne6us @'' 2014-03-31 7.5 CVE-2014-2034 and Pro 3.4.0 through 3.E.1 allows attac$ers to create arbitrary user accounts via un$nown vectors related to Fan unauthenticated e6ecution #ath." symantec ** The forgotten*#assword feature in 2014-03-28 7.5 CVE-2014-1644 liveu#date8administrator force#asswd.do in the management 09% in 'ymantec Live9#date .dministrator (L9.) 3.x before 3.3.3.15= allows remote attac$ers to reset arbitrary #asswords by #roviding the e*mail address associated with a user account.