Weekly Vulnerabilities Reports > May 31 to June 6, 1999
13 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 16 products from 14 vendors including Redhat, Apache, KDE, Apple, and Linux. Vulnerabilities are notably categorized as and "Classic Buffer Overflow".
- 9 reported vulnerabilities are remotely exploitable.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
The following table lists reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| 1999-06-06 | CVE-1999-1237 | Apache | Classic Buffer Overflow vulnerability in Apache HTTP Server |
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| 1999-06-01 | CVE-1999-1063 | Cdomain | Remote File Execution vulnerability in CDomainFree |
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
1 High Vulnerability
| 1999-06-01 | CVE-2000-0373 | KDE | Unspecified vulnerability in KDE KVT |
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
9 Medium Vulnerabilities
1 Low Vulnerability
| 1999-06-03 | CVE-1999-1400 | The Economist | Unspecified vulnerability in the Economist the Economist 1999 Screen Saver |
The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.