Weekly Vulnerabilities Reports > March 15 to 21, 1999

Overview

8 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 8 products from 7 vendors including Netbsd, Suse, Slackware, Netscape, and Redhat. Vulnerabilities are notably categorized as .

  • 2 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities are exploitable by an anonymous user.
  • Netbsd has the most reported vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-03-17 CVE-1999-0462 Suse Unspecified vulnerability in Suse Linux 5.3

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g.

7.2
1999-03-17 CVE-1999-0421 Slackware Unspecified vulnerability in Slackware Linux 3.6

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

7.2
1999-03-17 CVE-1999-0420 Netbsd Denial-Of-Service vulnerability in Umapfs

umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.

7.2

4 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-03-18 CVE-1999-0425 Netscape Denial-Of-Service vulnerability in Netscape Communicator 4.5

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

6.4
1999-03-21 CVE-1999-0482 Openbsd Denial-Of-Service vulnerability in OpenBSD Kernel

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

5.0
1999-03-21 CVE-1999-0433 Xfree86 Project
Netbsd
Redhat
Slackware
Suse
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
4.6
1999-03-17 CVE-1999-0422 Netbsd Local Security vulnerability in Netbsd 1.3.3

In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.

4.6

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-03-18 CVE-1999-0424 Netscape Denial-Of-Service vulnerability in Netscape Communicator 4.5

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

2.1