Weekly Vulnerabilities Reports > April 16 to 22, 2001

Overview

12 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 2 products from 2 vendors including Linux, and ISC. Vulnerabilities are notably categorized as and "Off-by-one Error".

  • 1 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 11 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-04-17 CVE-2001-1398 Linux Remote Security vulnerability in kernel

Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.

7.5

3 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-04-17 CVE-2001-1390 Linux Local Security vulnerability in kernel

Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.

6.2
2001-04-17 CVE-2001-1391 Linux Off-by-one Error vulnerability in Linux Kernel

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

5.5
2001-04-21 CVE-2001-1442 ISC Buffer Overflow vulnerability in innfeed Command-Line

Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.

4.6

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-04-17 CVE-2001-1396 Linux Local Security vulnerability in kernel

Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.

3.6
2001-04-17 CVE-2001-1395 Linux Local Security vulnerability in kernel

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.

3.6
2001-04-17 CVE-2001-1400 Linux Denial-Of-Service vulnerability in kernel

Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).

2.1
2001-04-17 CVE-2001-1399 Linux Local Security vulnerability in kernel

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."

2.1
2001-04-17 CVE-2001-1397 Linux Local Security vulnerability in kernel

The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.

2.1
2001-04-17 CVE-2001-1394 Linux Denial-Of-Service vulnerability in kernel

Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.

2.1
2001-04-17 CVE-2001-1393 Linux Denial-Of-Service vulnerability in kernel

Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).

2.1
2001-04-17 CVE-2001-1392 Linux Denial-Of-Service vulnerability in kernel

The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.

2.1