Weekly Vulnerabilities Reports > May 29 to June 4, 2000
Overview
24 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 34 products from 28 vendors including Microsoft, IBM, Linux, Cisco, and Apple. Vulnerabilities are notably categorized as .
- 15 reported vulnerabilities are remotely exploitable.
- 24 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Linux has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-06-01 | CVE-2000-0509 | Sambar | Buffer Overflow vulnerability in Sambar Server 4.3: Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname. | 10.0 |
2000-06-01 | CVE-2000-0493 | Atrius Trivalie SN | Unspecified vulnerability in Atrius Trivalie SN Time Sync 1.0.1: Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. | 10.0 |
2000-06-01 | CVE-2000-0490 | Netwin | Unspecified vulnerability in Netwin Dmail: Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. | 10.0 |
2000-06-01 | CVE-1999-0590 | Microsoft Linux Apple | A system does not present an appropriate legal message or warning to a user who is accessing it. | 10.0 |
2000-05-30 | CVE-2000-0488 | Ithouse | Unspecified vulnerability in Ithouse Mail Server 1.0.4: Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. | 10.0 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-06-01 | CVE-2000-0474 | Realnetworks | Unspecified vulnerability in Realnetworks Realserver 7.0/7.0.1/8.0Beta: Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. | 7.8 |
2000-06-04 | CVE-2000-0536 | Xinetd | Unspecified vulnerability in Xinetd: xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. | 7.5 |
2000-06-01 | CVE-2000-0470 | Allegro | Unspecified vulnerability in Allegro ROM Pager 2.10: Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. | 7.5 |
2000-06-01 | CVE-2000-0467 | SAM Lantinga | Unspecified vulnerability in SAM Lantinga Splitvt 1.6.3: Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. | 7.2 |
2000-05-31 | CVE-2000-0530 | Caldera KDE | The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. | 7.2 |
2000-05-29 | CVE-2000-0454 | Mandrakesoft | Unspecified vulnerability in Mandrakesoft Mandrake Linux 7.0: Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. | 7.2 |
8 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-06-04 | CVE-2000-0492 | Passwd | Unspecified vulnerability in Passwd 1.2: PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easily decrypt the passwords. | 5.0 |
2000-06-01 | CVE-2000-0507 | Concatus | Unspecified vulnerability in Concatus Imate Webmail Server 2.5: Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. | 5.0 |
2000-06-01 | CVE-2000-0476 | Michael Jennings Putty Rxvt Xfree86 Project | Denial of Service vulnerability in Multiple Vendor xterm (and derivatives): xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. | 5.0 |
2000-05-31 | CVE-2000-0505 | Apache IBM | The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. | 5.0 |
2000-05-30 | CVE-2000-0495 | Microsoft | Unspecified vulnerability in Microsoft Windows Media Services 4.0/4.1: Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. | 5.0 |
2000-05-30 | CVE-2000-0486 | Cisco | Unspecified vulnerability in Cisco IOS and Tacacs+: Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field. | 5.0 |
2000-05-29 | CVE-2000-0564 | Mirabilis | Unspecified vulnerability in Mirabilis ICQ: The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. | 5.0 |
2000-06-02 | CVE-2000-0468 | HP | Unspecified vulnerability in HP Hp-Ux 10.20/11.00: man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. | 4.6 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-06-01 | CVE-2000-0487 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000: The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability. | 3.6 |
2000-05-30 | CVE-2000-0485 | Microsoft | Unspecified vulnerability in Microsoft SQL Server 6.5/7.0: Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | 2.1 |
2000-05-30 | CVE-2000-0402 | Microsoft | Unspecified vulnerability in Microsoft SQL Server 7.0: The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | 2.1 |
2000-05-29 | CVE-2000-0461 | Freebsd Netbsd | The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | 2.1 |
2000-05-29 | CVE-2000-0455 | David Bagley | Unspecified vulnerability in David Bagley Xlock 4.16: Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. | 2.1 |