Weekly Vulnerabilities Reports > January 8 to 14, 2001

Overview

115 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 68 vendors, including Microsoft, IBM, Recourse Technologies, Network Associates, and Redhat. Vulnerabilities are notably categorized as "Use of Hard-coded Credentials".

  • 69 reported vulnerabilities are remotely exploitable.
  • 114 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported critical vulnerability.

Summary statistics (column headers only; the values were not recovered): total vulnerabilities, critical risk vulnerabilities, high risk vulnerabilities, medium risk vulnerabilities, low risk vulnerabilities, remotely exploitable, locally exploitable, exploit available, exploitable anonymously, affecting web application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-01-09 CVE-2000-1172 Rob Flynn Remote Buffer Overflow vulnerability in Gaim 0.10/0.10.3

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.

10.0
2001-01-09 CVE-2000-1157 Network Associates Buffer Overflow vulnerability in Network Associates Sniffer Agent 3.0.10

Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.

10.0
2001-01-09 CVE-2000-1126 HP Unspecified vulnerability in HP Hp-Ux

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.

10.0
2001-01-09 CVE-2000-1089 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

10.0
2001-01-09 CVE-2000-1164 ATT Unspecified vulnerability in ATT Winvnc 3.3.3/3.3.3R7

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

9.0

39 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-01-11 CVE-2001-1044 Basilix Unspecified vulnerability in Basilix Webmail 0.9.7Beta

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.

7.5
2001-01-10 CVE-2001-1464 Businessobjects Unspecified vulnerability in Businessobjects Crystal Reports

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.

7.5
2001-01-09 CVE-2000-1187 Netscape Unspecified vulnerability in Netscape Communicator and Navigator

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

7.5
2001-01-09 CVE-2000-1186 PHF Unspecified vulnerability in PHF

Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.

7.5
2001-01-09 CVE-2000-1176 Yabb Unspecified vulnerability in Yabb 20000911

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a ..

7.5
2001-01-09 CVE-2000-1174 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Multiple buffer overflows in the AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.

7.5
2001-01-09 CVE-2000-1170 Pelesoft Unspecified vulnerability in Pelesoft Netsnap 1.2

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

7.5
2001-01-09 CVE-2000-1169 Openbsd Unspecified vulnerability in Openbsd Openssh 2.2

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

7.5
2001-01-09 CVE-2000-1168 IBM Denial of Service vulnerability in IBM Http Server 1.3.6.3

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

7.5
2001-01-09 CVE-2000-1167 Freebsd Unspecified vulnerability in Freebsd

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

7.5
2001-01-09 CVE-2000-1166 Twig Development Team Unspecified vulnerability in Twig Development Team Twig 2.5.1

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

7.5
2001-01-09 CVE-2000-1161 Adcycle Unspecified vulnerability in Adcycle 0.77B

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.

7.5
2001-01-09 CVE-2000-1159 Network Associates Unspecified vulnerability in Network Associates Sniffer Agent 3.0.10

NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.

7.5
2001-01-09 CVE-2000-1158 Network Associates Unspecified vulnerability in Network Associates Sniffer Agent 3.0.10

NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.

7.5
2001-01-09 CVE-2000-1149 Microsoft Unspecified vulnerability in Microsoft Windows NT Terminalserver

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

7.5
2001-01-09 CVE-2000-1139 Microsoft Use of Hard-Coded Credentials vulnerability in Microsoft Exchange Server 2000

The installation of Microsoft Exchange 2000 before Rev.

7.5
2001-01-09 CVE-2000-1138 IBM Unspecified vulnerability in IBM Lotus Notes

Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.

7.5
2001-01-09 CVE-2000-1131 Bill Kendrick Unspecified vulnerability in Bill Kendrick Gbook.Cgi 1.0

Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.

7.5
2001-01-09 CVE-2000-1130 Network Associates Unspecified vulnerability in Network Associates Webshield Smtp 4.5

McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in the name of the attachment.

7.5
2001-01-09 CVE-2000-1118 24Link Unspecified vulnerability in 24Link 1.06

24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.

7.5
2001-01-09 CVE-2000-1116 Transsoft Unspecified vulnerability in Transsoft Broker FTP Server 3.0/3.0Build1/4.0

Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.

7.5
2001-01-09 CVE-2000-1115 Software602 Unspecified vulnerability in Software602 602Pro LAN Suite

Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

7.5
2001-01-09 CVE-2000-1113 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 6.4/7

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

7.5
2001-01-09 CVE-2000-1104 Microsoft Unspecified vulnerability in Microsoft products

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client.

7.5
2001-01-09 CVE-2000-1100 Trlinux Unspecified vulnerability in Trlinux Postaci Webmail 1.1.3

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.

7.5
2001-01-09 CVE-2000-1094 AOL Unspecified vulnerability in AOL Instant Messenger

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

7.5
2001-01-09 CVE-2000-1093 AOL Unspecified vulnerability in AOL Instant Messenger

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

7.5
2001-01-09 CVE-2000-1189 Redhat Unspecified vulnerability in Redhat Linux

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

7.2
2001-01-09 CVE-2000-1183 NEC Unspecified vulnerability in NEC Socks 5 1.0R5

Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.

7.2
2001-01-09 CVE-2000-1175 Jan Hubicka Buffer Overflow vulnerability in Jan Hubicka Koules 1.4

Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.

7.2
2001-01-09 CVE-2000-1134 Immunix, Conectiva, Caldera, HP, Mandrakesoft, Redhat, Suse

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

7.2
2001-01-09 CVE-2000-1125 Redhat Unspecified vulnerability in Redhat Linux 6.2/6.2E

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

7.2
2001-01-09 CVE-2000-1124 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

7.2
2001-01-09 CVE-2000-1123 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

7.2
2001-01-09 CVE-2000-1122 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

7.2
2001-01-09 CVE-2000-1121 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

7.2
2001-01-09 CVE-2000-1120 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

7.2
2001-01-09 CVE-2000-1103 Bsdi Unspecified vulnerability in Bsdi BSD OS

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.

7.2
2001-01-09 CVE-2000-1095 Immunix, Conectiva, Mandrakesoft, Redhat, Suse

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

7.2

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-01-09 CVE-2000-1132 Dcscripts Unspecified vulnerability in Dcscripts Dcforum

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

6.4
2001-01-09 CVE-2000-1099 SUN Unspecified vulnerability in SUN JDK

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

5.1
2001-01-12 CVE-2001-1385 PHP, Mandrakesoft

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

5.0
2001-01-09 CVE-2000-1188 I-Soft Unspecified vulnerability in I-Soft Quikstore 2.0/2.9.10/2.9.5

Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a ..

5.0
2001-01-09 CVE-2000-1185 Itserv Incorporated Denial of Service vulnerability in Itserv Incorporated Ridewaypn 6.22

The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.

5.0
2001-01-09 CVE-2000-1184 Freebsd Unspecified vulnerability in Freebsd

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrarily large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

5.0
2001-01-09 CVE-2000-1182 Watchguard Unspecified vulnerability in Watchguard Firebox II 4.1/4.5

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

5.0
2001-01-09 CVE-2000-1181 Realnetworks Unspecified vulnerability in Realnetworks Realserver 5.0/6.0/7.0

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

5.0
2001-01-09 CVE-2000-1179 Netopia Unspecified vulnerability in Netopia 650-St Isdn Router 3.3.2Firmware

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

5.0
2001-01-09 CVE-2000-1177 BB4 CGI vulnerability in BB4 Big Brother

bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allow remote attackers to determine the existence of files and user IDs by specifying the target file in the HISTFILE parameter.

5.0
2001-01-09 CVE-2000-1173 Microsys Unspecified vulnerability in Microsys Cyberpatrol 4.04.003/4.04.005

Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.

5.0
2001-01-09 CVE-2000-1171 Markus Triska Unspecified vulnerability in Markus Triska Cgiforum 1.0

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2001-01-09 CVE-2000-1165 Balabit Unspecified vulnerability in Balabit Syslog-Ng 1.4.7/1.4.8

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.

5.0
2001-01-09 CVE-2000-1160 Network Associates Denial of Service vulnerability in Network Associates Sniffer Agent 3.0.10

NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.

5.0
2001-01-09 CVE-2000-1155 Joe Kloss Unspecified vulnerability in Joe Kloss Robinhood 1.1

RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via a long HTTP request.

5.0
2001-01-09 CVE-2000-1154 Joe Kloss Unspecified vulnerability in Joe Kloss Robinhood 1.1

RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via a long HTTP request.

5.0
2001-01-09 CVE-2000-1153 Kenny Carruthers Unspecified vulnerability in Kenny Carruthers Postmaster 1.0

PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

5.0
2001-01-09 CVE-2000-1152 BE Unspecified vulnerability in BE Beos 4.5/5

Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

5.0
2001-01-09 CVE-2000-1151 Abisoft Unspecified vulnerability in Abisoft Baxter X/Y

Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

5.0
2001-01-09 CVE-2000-1150 Xavier Ducrohet Unspecified vulnerability in Xavier Ducrohet Felix 2.3

Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

5.0
2001-01-09 CVE-2000-1133 Flicks Software Authentication vulnerability in Flicks Software Authentix 5.1C

Authentix Authentix100 allows remote attackers to bypass authentication by inserting a .

5.0
2001-01-09 CVE-2000-1129 Network Associates Unspecified vulnerability in Network Associates Webshield Smtp 4.5

McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.

5.0
2001-01-09 CVE-2000-1117 IBM Unspecified vulnerability in IBM Lotus Notes R5

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

5.0
2001-01-09 CVE-2000-1114 Unify Unspecified vulnerability in Unify Ewave Servletexec 3.0/3.0C

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".

5.0
2001-01-09 CVE-2000-1111 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.

5.0
2001-01-09 CVE-2000-1110 IBM Path Disclosure vulnerability in IBM Net.Data 7.0

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.

5.0
2001-01-09 CVE-2000-1107 Suse Unspecified vulnerability in Suse Linux

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

5.0
2001-01-09 CVE-2000-1102 Ptlink Denial of Service vulnerability in Ptlink IRC Services and Ptlink Ircd

PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.

5.0
2001-01-09 CVE-2000-1101 Texas Imperial Software Unspecified vulnerability in Texas Imperial Software Wftpd 2.41Rc14/3.0

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the ..

5.0
2001-01-09 CVE-2000-1098 Sonicwall Unspecified vulnerability in Sonicwall Soho Firewall 4.0.0/5.0.0

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.

5.0
2001-01-09 CVE-2000-1097 Sonicwall Unspecified vulnerability in Sonicwall Soho Firewall 4.0.0/5.0.0

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

5.0
2001-01-09 CVE-2000-1092 Alex Heiphetz Group Directory Traversal vulnerability in Alex Heiphetz Group Ezshopper 2.0/3.0

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.

5.0
2001-01-09 CVE-2000-1039 Microsoft Unspecified vulnerability in Microsoft products

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities.

5.0
2001-01-09 CVE-2000-0899 Max Feoktistov Denial of Service vulnerability in Max Feoktistov Small Http Server 2.01

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.

5.0
2001-01-09 CVE-2000-0898 Max Feoktistov Unspecified vulnerability in Max Feoktistov Small Http Server 2.01

Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.

5.0
2001-01-09 CVE-2000-0897 Max Feoktistov Unspecified vulnerability in Max Feoktistov Small Http Server 2.01

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

5.0
2001-01-09 CVE-2000-1180 Oracle Unspecified vulnerability in Oracle Oracle8I 8.1.5

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

4.6
2001-01-09 CVE-2000-1163 Aladdin Enterprises Unspecified vulnerability in Aladdin Enterprises Ghostscript

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

4.6
2001-01-09 CVE-2000-1148 Volano LLC Unspecified vulnerability in Volano LLC Volanochatpro 2.1

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

4.6
2001-01-09 CVE-2000-1147 Microsoft Buffer Overflow vulnerability in Microsoft Internet Information Server 4.0

Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.

4.6
2001-01-09 CVE-2000-1145 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.

4.6
2001-01-09 CVE-2000-1137 GNU Unspecified vulnerability in GNU ED

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

4.6
2001-01-09 CVE-2000-1136 Debian Unspecified vulnerability in Debian Elvis Tiny 1.4.9

elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

4.6
2001-01-09 CVE-2000-1135 Debian Unspecified vulnerability in Debian Linux 2.1/2.2

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

4.6
2001-01-09 CVE-2000-1128 Mcafee Unspecified vulnerability in Mcafee Virusscan 4.5

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.

4.6
2001-01-09 CVE-2000-1119 IBM Unspecified vulnerability in IBM AIX

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

4.6
2001-01-09 CVE-2000-1112 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 6.4/7

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

4.6
2001-01-09 CVE-2000-1109 Midnight Commander Unspecified vulnerability in Midnight Commander Midnight Commander

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

4.6
2001-01-09 CVE-2000-1108 Midnight Commander Unspecified vulnerability in Midnight Commander Midnight Commander 4.5.42

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

4.6
2001-01-09 CVE-2000-1106 Trend Micro Unspecified vulnerability in Trend Micro Interscan Viruswall

Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

4.6
2001-01-09 CVE-2000-1088 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1087 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1086 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1085 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1084 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1082 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-09 CVE-2000-1081 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

4.6
2001-01-08 CVE-2001-1037 Cisco Unspecified vulnerability in Cisco SN 5420 Storage Router Firmware 1.1(2)/1.1(3)

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.

4.6
2001-01-09 CVE-2000-1105 Microsoft Unspecified vulnerability in Microsoft Indexing Service

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

4.3

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-01-09 CVE-2000-1162 Aladdin Enterprises Unspecified vulnerability in Aladdin Enterprises Ghostscript

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

3.7
2001-01-09 CVE-2000-1096 Paul Vixie Unspecified vulnerability in Paul Vixie Cron 3.0Pl1

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

3.7
2001-01-09 CVE-2000-1156 SUN Symbolic Link vulnerability in SUN Staroffice 5.2

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.

3.6
2001-01-09 CVE-2000-1127 HP Local Arbitrary File Read vulnerability in HP Hp-Ux 10.20

registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.

3.6
2001-01-09 CVE-2000-1178 Joseph Allen Unspecified vulnerability in Joseph Allen JOE 2.8

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

2.1
2001-01-09 CVE-2000-1146 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.

2.1
2001-01-09 CVE-2000-1144 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.

2.1
2001-01-09 CVE-2000-1143 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.

2.1
2001-01-09 CVE-2000-1142 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 generates an error when an attacker changes directory to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.

2.1
2001-01-09 CVE-2000-1141 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.

2.1
2001-01-09 CVE-2000-1140 Recourse Technologies Unspecified vulnerability in Recourse Technologies Mantrap 1.6.1

Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.

2.1
2001-01-09 CVE-2000-1083 Microsoft Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

2.1