Weekly Vulnerabilities Reports > April 12 to 18, 1999

Overview

4 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 1 high-severity vulnerability. This weekly summary reports vulnerabilities in 6 products from 4 vendors, including Microsoft, NetBSD, RealNetworks, and Darren Reed. Vulnerabilities are notably categorized as .

  • 1 reported vulnerability is remotely exploitable.
  • 4 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-04-15 | CVE-1999-1244 | Darren Reed | Unspecified vulnerability in Darren Reed IPFilter. IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file. | 7.2 |

2 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-04-12 | CVE-1999-0444 | Microsoft | Denial-of-service vulnerability in Microsoft Windows 95, Windows 98 and Windows NT. Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. | 5.0 |
| 1999-04-14 | CVE-1999-1369 | RealNetworks | Unspecified vulnerability in RealNetworks RealServer 6.0.3.353. Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges. | 4.6 |

1 Low Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-04-12 | CVE-1999-0446 | NetBSD | Unspecified vulnerability in NetBSD 1.3.1/1.3.2/1.3.3. Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. | 2.1 |