Weekly Vulnerabilities Reports > February 14 to 20, 2000

Overview

13 new vulnerabilities were reported during this period, including 1 critical vulnerability and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 14 products from 5 vendors including Microsoft, SCO, HP, NetBSD, and Sun. Vulnerabilities are notably categorized as and "Code Injection".

  • 6 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


1 Critical Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2000-02-15 | CVE-2000-0222 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000. The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. | 10.0 |

6 High Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2000-02-18 | CVE-2000-0161 | Microsoft | Unspecified vulnerability in Microsoft Site Server 3.0. Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. | 7.5 |
| 2000-02-17 | CVE-2000-0159 | HP | Unspecified vulnerability in HP HP-UX 11.00. HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. | 7.5 |
| 2000-02-16 | CVE-2000-0158 | SCO | Buffer Overflow vulnerability in SCO MMDF. Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. | 7.5 |
| 2000-02-20 | CVE-2000-0164 | Sun | Unspecified vulnerability in Sun Solaris ISP Server 2.0. The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. | 7.2 |
| 2000-02-18 | CVE-2000-0155 | Microsoft | Code Injection vulnerability in Microsoft Windows 95, Windows 98 and Windows NT. Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | 7.2 |
| 2000-02-16 | CVE-2000-0094 | NetBSD | Unspecified vulnerability in NetBSD 1.4.1. procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. | 7.2 |

3 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2000-02-18 | CVE-2000-0162 | Microsoft | Unspecified vulnerability in Microsoft IE, Internet Explorer and Visual Studio. The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | 5.1 |
| 2000-02-16 | CVE-2000-0156 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer. Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. | 5.1 |
| 2000-02-14 | CVE-2000-0197 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0. The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file. | 4.6 |

3 Low Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2000-02-15 | CVE-2000-0167 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | 2.1 |
| 2000-02-16 | CVE-2000-0154 | SCO | Unspecified vulnerability in SCO UnixWare 7.1/7.1.1. The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. | 1.2 |
| 2000-02-15 | CVE-2000-0224 | SCO | Unspecified vulnerability in SCO UnixWare 7.1/7.1.1. ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. | 1.2 |