Weekly Vulnerabilities Report: June 19 to 25, 2000

Overview

29 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 6 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 23 products from 19 vendors, including Debian, Netwin, Redhat, SGI, and Macromedia. Vulnerabilities are notably categorized as .

  • 19 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • ISC has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-06-24 CVE-2000-0585 ISC Unspecified vulnerability in ISC Dhcp Client 2.0/3.0B1

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

10.0
2000-06-21 CVE-2000-0577 Netscape Unspecified vulnerability in Netscape Professional Services Ftpserver 1.3.6

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a ..

10.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-06-22 CVE-2000-0562 ISS Unspecified vulnerability in ISS Blackice Agent and Blackice Defender

BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.

7.5
2000-06-19 CVE-2000-0561 International Telecommunications Unspecified vulnerability in International Telecommunications International Telecommunications Webbbs 1.1.5/1.17

Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.

7.5
2000-06-21 CVE-2000-0607 Debian, Mandrakesoft, Redhat Buffer Overflow vulnerability in Multiple Linux Vendor KON (Kanji On Console)

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2
2000-06-21 CVE-2000-0606 Debian, Mandrakesoft, Redhat Buffer Overflow vulnerability in Multiple Linux Vendor KON (Kanji On Console)

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2
2000-06-20 CVE-2000-0533 SGI Unspecified vulnerability in SGI Workshop Debugger and Performance Tools 2.6

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

7.2
2000-06-20 CVE-2000-0466 IBM Unspecified vulnerability in IBM AIX 4.3/4.3.1/4.3.2

AIX cdmount allows local users to gain root privileges via shell metacharacters.

7.2

19 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-06-22 CVE-2000-0539 Macromedia Unspecified vulnerability in Macromedia Jrun 2.3

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g.

6.4
2000-06-25 CVE-2000-0601 Leafdigital Unspecified vulnerability in Leafdigital Leafchat 1.7

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.

5.0
2000-06-23 CVE-2000-0611 Netwin Unspecified vulnerability in Netwin Cwmail and Dmailweb

The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.

5.0
2000-06-23 CVE-2000-0610 Netwin Unspecified vulnerability in Netwin Cwmail and Dmailweb

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.

5.0
2000-06-22 CVE-2000-0540 Macromedia Unspecified vulnerability in Macromedia Jrun 2.3

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g.

5.0
2000-06-21 CVE-2000-0609 Netwin DoS vulnerability in Netwin DMailWeb & CWMail

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.

5.0
2000-06-21 CVE-2000-0608 Netwin DoS vulnerability in Netwin DMailWeb & CWMail

NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).

5.0
2000-06-21 CVE-2000-0513 Debian Unspecified vulnerability in Debian Linux 2.2/2.3

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

5.0
2000-06-21 CVE-2000-0511 Debian Unspecified vulnerability in Debian Linux 2.2/2.3

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

5.0
2000-06-21 CVE-2000-0510 Debian Unspecified vulnerability in Debian Linux 2.2/2.3

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

5.0
2000-06-21 CVE-2000-0500 BEA Unspecified vulnerability in BEA Weblogic Server

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

5.0
2000-06-19 CVE-2000-0620 Open Group, Xfree86 Project

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

5.0
2000-06-19 CVE-2000-0529 Network Associates Unspecified vulnerability in Network Associates NET Tools PKI Server 1.0

Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.

5.0
2000-06-19 CVE-2000-0528 Network Associates Unspecified vulnerability in Network Associates NET Tools PKI Server 1.0

Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.

5.0
2000-06-19 CVE-2000-0504 Gnome, Open Group, Xfree86 Project

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

5.0
2000-06-22 CVE-2000-0618 Stanley T Shebs Unspecified vulnerability in Stanley T. Shebs Xconq 7.2.2

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable.

4.6
2000-06-22 CVE-2000-0617 Stanley T Shebs Unspecified vulnerability in Stanley T. Shebs Xconq 7.2.2

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.

4.6
2000-06-21 CVE-2000-0604 Redhat Unspecified vulnerability in Redhat Linux 6.2

gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

4.6
2000-06-21 CVE-2000-0602 Kevin Lindsay Unspecified vulnerability in Kevin Lindsay Secure Locate 2.0/2.1

Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.

4.6

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-06-21 CVE-2000-0579 SGI Unspecified vulnerability in SGI Irix 6.3/6.5

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

3.7
2000-06-21 CVE-2000-0578 SGI Unspecified vulnerability in SGI Mipspro Compilers 7.1/7.2.1

SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.

3.7