Weekly Vulnerabilities Reports > July 3 to 9, 2000

Overview

15 new vulnerabilities were reported during this period, including 1 critical vulnerability and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 20 products from 16 vendors including Freebsd, Novell, Caldera, Mandrakesoft, and Microsoft. Vulnerabilities are notably categorized as .

  • 10 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities are exploitable by an anonymous user.
  • Freebsd has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2000-07-07 CVE-2000-0573 HP Remote Format String Stack Overwrite vulnerability in HP Hp-Ux 11.00

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

10.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-07-08 CVE-2000-0641 Michael Lamont Unspecified vulnerability in Michael Lamont Savant Webserver 2.1

Savant web server allows remote attackers to execute arbitrary commands via a long GET request.

7.5
2000-07-08 CVE-2000-0640 Steve Poulsen Unspecified vulnerability in Steve Poulsen Guildftpd 0.9.7

Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a ..

7.5
2000-07-07 CVE-2000-0651 Novell Unspecified vulnerability in Novell Bordermanager 3.0/3.5

The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

7.5
2000-07-04 CVE-2000-0590 CGI World Unspecified vulnerability in Cgi-World Poll IT 2.0

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

7.5
2000-07-05 CVE-2000-0575 SSH Unspecified vulnerability in SSH 1.2.27

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

7.2
2000-07-03 CVE-2000-0566 Caldera, Mandrakesoft, Redhat

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

7.2

8 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-07-05 CVE-2000-0571 West Street Software Unspecified vulnerability in West Street Software Localweb Http Server 1.2

LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

6.4
2000-07-07 CVE-2000-0574 Openbsd, Washington University

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

5.0
2000-07-05 CVE-2000-0591 Novell Unspecified vulnerability in Novell Bordermanager 3.0/3.5

Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

5.0
2000-07-05 CVE-2000-0576 Oracle Unspecified vulnerability in Oracle web Listener 4.0.7/4.0.8

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

5.0
2000-07-04 CVE-2000-0594 Caldera, Freebsd, Mandrakesoft

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

5.0
2000-07-07 CVE-2000-0603 Microsoft Unspecified vulnerability in Microsoft SQL Server 7.0

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

4.6
2000-07-05 CVE-2000-0595 Freebsd Unspecified vulnerability in Freebsd

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

4.6
2000-07-05 CVE-2000-0572 Visible Systems Unspecified vulnerability in Visible Systems Razor 4.1

The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS