
Tag

#intel

CVE-2011-4346: About Secunia Research | Flexera

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

CVE-2011-2511: About Secunia Research | Flexera

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

CVE-2011-2691: About Secunia Research | Flexera

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

CVE-2011-0766: About Secunia Research | Flexera

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Solar Magnetic Storm Impact on Control Systems

Overview: The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk to critical infrastructure. In a recent case, Earth-orbiting satellites detected the strongest magnetic storm in more than 4 years resulting from a solar flare and CME event. Source: National Oceanic and Atmospheric Administration (NOAA), Space Weather Prediction Center, http://www.swpc.noaa.gov/sxi/index.html, last accessed March 1, 2011. Figure 1 illustrates the size of the CME shockwave edge in relation to the size of the sun at the point of the eruption. Figure 1. X2-solar flare and coronal mass ejection at the time of the eruption. At 0156 UT on February 15, 2011, Active Region 11158 unleashed an X2-class eruption. Source: James A. Marusek, “Solar Storm Threat Analysis,” http://www.breadandbuttersc...

Federal Aviation Administration GPS Testing

Overview: The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due to Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing this advisory as a follow-up to yesterday’s alert to notify industrial control systems (ICS) owners and operators whose control systems employ GPS for timing reference or positioning data of possible intermittent GPS service during the testing. FAA Advisories for GPS Testing: CHLK GPS 11-06 Location: Porterville, CA. Source: FAA, “Flight Advisory GPS Testing CHLK GPS 11-06 January 16−23, 2011, Porterville, CA,” http://www.faasafety.gov/files/notices/2011/Jan/Flight advisory porterville GPS.pdf, accessed January 24, 2011. Date: January 16 through January 23, 2011. Duration: This test has been completed. CSFTL GPS 11-01 Location: Brunswick, GA. Source: FAA, “Flight Advisory GPS Testing CSFTL GPS 11-01 January 20−...

Intellicom NetBiter WebSCADA Vulnerabilities (Update A)

OVERVIEW: This advisory is a follow-up to ICS-ALERT-10-293-01 - Intellicom NetBiter WebSCADA Vulnerabilities, published on the ICS-CERT Web page on October 20, 2010. On October 1, 2010, independent researchers identified vulnerabilities in the Intellicom NetBiter Supervisory Control and Data Acquisition (SCADA) applications. A directory traversal vulnerability is present in all affected devices that leads to local file disclosure. The ability to upload malicious web content using a custom logo page is also possible. All of the reported vulnerabilities require superadmin privileges. If the default password is not changed, the vulnerability can be leveraged to gain additional access to an affected device’s file system. --------- Begin Update A Part 1 of 2 -------- Intellicom has released a software update that limits the ability to read system files and eliminates the ability to perform directory traversals. --------- End Update A Part 1 of 2 -------- AFFECTED PRODUCTS: Intellicom NetBiter p...

CVE-2010-4176: About Secunia Research | Flexera

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

CVE-2010-4295: [Security-announce] VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

CVE-2010-1578: About Secunia Research | Flexera

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.