Weekly Vulnerabilities Reports > September 13 to 19, 1999

Overview

16 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 19 products from 16 vendors including SUN, Matt Wright, CDE, Microsoft, and IBM. Vulnerabilities are notably categorized as and "Configuration".

  • 11 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 15 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-16 CVE-1999-0953 Matt Wright Unspecified vulnerability in Matt Wright Wwwboard 2.0Alpha2.1

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

10.0
1999-09-15 CVE-1999-0817 University OF Kansas Remote Security vulnerability in Lynx

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g.

10.0
1999-09-13 CVE-1999-0759 Fuseware Unspecified vulnerability in Fuseware Fusemail 2.7

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

10.0
1999-09-16 CVE-1999-0704 Bsdi
Freebsd
Redhat
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
9.3
1999-09-17 CVE-1999-0886 Microsoft Configuration vulnerability in Microsoft Windows NT 4.0

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

9.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-16 CVE-1999-0954 Matt Wright Unspecified vulnerability in Matt Wright Wwwboard 2.0Alpha2

WWWBoard has a default username and default password.

7.5
1999-09-16 CVE-1999-0890 Ihtml Merchant Unspecified vulnerability in Ihtml Merchant Ihtml Merchant

iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.

7.5
1999-09-13 CVE-1999-1053 Apache
Matt Wright
Remote Command Execution vulnerability in Guestbook CGI

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

7.5
1999-09-13 CVE-1999-0687 CDE
Digital
IBM
SUN
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
7.5
1999-09-13 CVE-1999-0691 CDE
Digital
IBM
SUN
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
7.2
1999-09-13 CVE-1999-0689 CDE
SUN
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
7.2

3 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-13 CVE-1999-0750 Microsoft Unspecified vulnerability in Microsoft Hotmail

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.

5.1
1999-09-13 CVE-1999-0751 Netscape Buffer Overflow vulnerability in Netscape Enterprise Accept

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

5.0
1999-09-13 CVE-1999-1014 SUN Unspecified vulnerability in SUN Solaris and Sunos

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

4.6

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-17 CVE-1999-0787 SSH Unspecified vulnerability in SSH 1.2.27

The SSH authentication agent follows symlinks via a UNIX domain socket.

2.1
1999-09-16 CVE-1999-0907 Steven J Merrifield Local Security vulnerability in Steven J. Merrifield Soundcard CW 1.1

sccw allows local users to read arbitrary files.

2.1