Weekly Vulnerabilities Reports > March 8 to 14, 1999

Overview

9 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 5 vendors including Microsoft, Cisco, SUN, Macromedia, and Seapine Software. Vulnerabilities are notably categorized as .

  • 6 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

3 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

1999-03-11 | CVE-1999-0415 | Cisco | Unspecified vulnerability in Cisco 7XX Routers 3.2 | 7.5

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

1999-03-12 | CVE-1999-0382 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 3.5.1/4.0 | 7.2

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

1999-03-08 | CVE-1999-1371 | SUN | Unspecified vulnerability in SUN Sunos 5.5.1/5.7 | 7.2

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.

5 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

1999-03-08 | CVE-1999-0418 | | Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. | 6.4

1999-03-11 | CVE-1999-1526 | Macromedia | Unspecified vulnerability in Macromedia Shockwave Flash Plugin 7.0 | 5.0

Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.

1999-03-11 | CVE-1999-0416 | Cisco | Unspecified vulnerability in Cisco 7XX Routers | 5.0

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

1999-03-08 | CVE-1999-1567 | Seapine Software | Unspecified vulnerability in Seapine Software Testtrack | 5.0

Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data.

1999-03-08 | CVE-1999-1254 | Microsoft | Unspecified vulnerability in Microsoft Windows 95, Windows 98 and Windows NT | 5.0

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.

1 Low Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS

1999-03-09 | CVE-1999-0417 | SUN | Unspecified vulnerability in SUN Sunos 5.7 | 2.1

64 bit Solaris 7 procfs allows local users to perform a denial of service.