Weekly Vulnerabilities Reports > December 20 to 26, 1999

Overview

28 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 29 products from 23 vendors including Microsoft, Redhat, SUN, Netscape, and Lotus. Vulnerabilities are notably categorized as .

  • 22 reported vulnerabilities are remotely exploitable.
  • 28 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-12-26 CVE-2000-0010 Tony Greenwood Unspecified vulnerability in Tony Greenwood Webwho+ 1.1

WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

10.0
1999-12-23 CVE-2000-0040 Glftpd Unspecified vulnerability in Glftpd 1.17.2

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

10.0
1999-12-22 CVE-2000-0032 SUN Unspecified vulnerability in SUN Solaris and Sunos

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

10.0
1999-12-22 CVE-2000-0002 Zbsoft Unspecified vulnerability in Zbsoft Zbserver 1.5

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

10.0
1999-12-21 CVE-2000-0026 Windowmaker, SCO

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

10.0
1999-12-21 CVE-2000-0017 Redhat Unspecified vulnerability in Redhat Linux

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

10.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-12-25 CVE-1999-0477 Allaire Unspecified vulnerability in Allaire Coldfusion Server

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

7.5
1999-12-25 CVE-1999-0455 Allaire Unspecified vulnerability in Allaire Coldfusion Server 4.0

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

7.5
1999-12-23 CVE-2000-0038 Glftpd Remote Security vulnerability in Glftpd

glFtpD includes a default glftpd user account with a default password and a UID of 0.

7.5
1999-12-20 CVE-1999-0997 Millenux Gmbh, University OF Washington, Redhat

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g.

7.5
1999-12-22 CVE-2000-0119 Mcafee, Symantec

The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.

7.2
1999-12-22 CVE-2000-0018 Windowmaker Unspecified vulnerability in Windowmaker Wmmon 1.0B2

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

7.2
1999-12-21 CVE-1999-1497 Ipswitch Weak Password Encryption vulnerability in IMail

Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.

7.2

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-12-21 CVE-2000-0024 Microsoft Unspecified vulnerability in Microsoft products

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

6.4
1999-12-23 CVE-2000-0001 Realnetworks Unspecified vulnerability in Realnetworks Realserver 5.0

RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

5.0
1999-12-22 CVE-2000-0036 Microsoft Unspecified vulnerability in Microsoft IE and Outlook Express

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

5.0
1999-12-22 CVE-2000-0034 Netscape Remote Security vulnerability in Netscape Communicator 4.7

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

5.0
1999-12-22 CVE-2000-0030 SUN Unspecified vulnerability in SUN Solaris and Sunos

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

5.0
1999-12-22 CVE-1999-1109 Sendmail Unspecified vulnerability in Sendmail

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

5.0
1999-12-22 CVE-1999-1066 SGI Unspecified vulnerability in SGI Quake 1 Server

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.

5.0
1999-12-21 CVE-2000-0025 Microsoft Unspecified vulnerability in Microsoft products

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

5.0
1999-12-21 CVE-2000-0023 Lotus Unspecified vulnerability in Lotus Domino Server 4.6/4.6.X

Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.

5.0
1999-12-21 CVE-2000-0022 Lotus Unspecified vulnerability in Lotus Domino Server 4.6/4.6.X

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.

5.0
1999-12-20 CVE-2000-0020 MAN AND Mice Denial-Of-Service vulnerability in MAN and Mice DNS PRO 5.7

DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.

5.0
1999-12-24 CVE-1999-0892 Netscape Unspecified vulnerability in Netscape Communicator 4.5

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

4.6

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
1999-12-25 CVE-2000-0006 Paul Kranenburg, Linux

strace allows local users to read arbitrary files via memory mapped file names.

2.6
1999-12-23 CVE-2000-0028 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

2.6
1999-12-26 CVE-2000-0008 1ST Choice Software Unspecified vulnerability in 1ST Choice Software Ftppro 7.5

FTPPro allows local users to read sensitive information, which is stored in plain text.

2.1