Weekly Vulnerabilities Reports > September 20 to 26, 1999

Overview

14 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 18 products from 10 vendors including Microsoft, SUN, Knox Software, IBM, and Freebsd. Vulnerabilities are notably categorized as and "Permissions, Privileges, and Access Controls".

  • 7 reported vulnerabilities are remotely exploitables.
  • 14 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-24 CVE-1999-1484 Microsoft Buffer Overflow vulnerability in Microsoft MSN Setup Bulletin Board Services 4.71.0.10

Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.

7.5
1999-09-23 CVE-1999-0777 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

7.5
1999-09-20 CVE-1999-0909 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

7.5
1999-09-23 CVE-1999-1534 Knox Software Buffer Overflow vulnerability in Knox Software Arkeia 4.0

Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable.

7.2
1999-09-23 CVE-1999-1477 Gnome
Mandrakesoft
Local Buffer Overflow vulnerability in GNOME espeaker

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.

7.2
1999-09-23 CVE-1999-1013 IBM Unspecified vulnerability in IBM AIX 4.1.5/4.2.1

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.

7.2
1999-09-23 CVE-1999-0906 Suse Unspecified vulnerability in Suse Linux 6.2

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

7.2
1999-09-21 CVE-1999-0708 Infodrom Unspecified vulnerability in Infodrom Cfingerd 1.4.2

Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

7.2

5 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-24 CVE-1999-1578 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 4.0.1/5.0

Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

5.1
1999-09-26 CVE-1999-0788 Knox Software Unspecified vulnerability in Knox Software Arkeia 4.0/4.1

Arkiea nlservd allows remote attackers to conduct a denial of service.

5.0
1999-09-24 CVE-1999-1351 Kvirc Unspecified vulnerability in Kvirc IRC Client 0.9.0

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a ..

5.0
1999-09-23 CVE-1999-0908 SUN Unspecified vulnerability in SUN Solaris and Sunos

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

5.0
1999-09-22 CVE-1999-0786 SUN Unspecified vulnerability in SUN Solaris and Sunos

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

4.6

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-09-22 CVE-1999-0912 Freebsd Unspecified vulnerability in Freebsd 3.0/3.1/3.2

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

2.1