Weekly Vulnerabilities Reports > July 2 to 8, 2001
Overview
57 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 68 products from 48 vendors including SUN, Microsoft, IBM, Cisco, and Freebsd. Vulnerabilities are notably categorized as .
- 44 reported vulnerabilities are remotely exploitables.
- 57 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Trend Micro has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-07-02 | CVE-2001-0464 | Crosswind | Remote Buffer Overflow vulnerability in Crosswind Cyberscheduler 2.1 Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. | 10.0 |
| 2001-07-02 | CVE-2001-0432 | Trend Micro | Program Buffer Overflow vulnerability in Trend Micro Interscan Viruswall 3.0.1 Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. | 10.0 |
| 2001-07-02 | CVE-2001-0431 | Iplanet | Remote Security vulnerability in Iplanet web Server 4.Xenterprise Vulnerability in iPlanet Web Server Enterprise Edition 4.x. | 10.0 |
24 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-07-06 | CVE-2001-1081 | Lucent Simon Horms | Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. | 7.5 |
| 2001-07-05 | CVE-2001-1087 | Network Appliance | Unspecified vulnerability in Network Appliance Netcache The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | 7.5 |
| 2001-07-04 | CVE-2001-1086 | Xfree86 Project | Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3 XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | 7.5 |
| 2001-07-02 | CVE-2001-1161 | Lotus | Cross-Site Scripting vulnerability in Lotus Domino R5 Server 5.0.6 Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. | 7.5 |
| 2001-07-02 | CVE-2001-1159 | Squirrelmail | Remote Command Execution vulnerability in Squirrelmail 1.0.4/1.0.5 load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | 7.5 |
| 2001-07-02 | CVE-2001-1121 | Macromedia | Unspecified vulnerability in Macromedia Jrun 2.3.3/3.0 DEPRECATED. | 7.5 |
| 2001-07-02 | CVE-2001-1084 | Macromedia | Cross-Site Scripting vulnerability in Macromedia Jrun 2.3.3/3.0 Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | 7.5 |
| 2001-07-02 | CVE-2001-0443 | QPC Software | Denial-Of-Service vulnerability in QPC Software QVT NET and QVT Term Plus Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password. | 7.5 |
| 2001-07-02 | CVE-2001-0440 | Licq Conectiva Mandrakesoft | Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. | 7.5 |
| 2001-07-02 | CVE-2001-0439 | Licq Conectiva Freebsd Mandrakesoft Redhat | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 7.5 |
| 2001-07-02 | CVE-2001-0436 | Dcscripts | Remote Command Execution vulnerability in DCForum 'AZ' Field dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. | 7.5 |
| 2001-07-02 | CVE-2001-0419 | Oracle | Unspecified vulnerability in Oracle Application Server 4.0.8.2 Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. | 7.5 |
| 2001-07-02 | CVE-2001-0405 | Linux | Unspecified vulnerability in Linux Kernel ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. | 7.5 |
| 2001-07-02 | CVE-2001-0400 | Matt Tourtillott | Unspecified vulnerability in Matt Tourtillott Nph-Maillist 3.0/3.5 nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. | 7.5 |
| 2001-07-02 | CVE-2001-0395 | Lightwave | Information Disclosure vulnerability in Lightwave Consoleserver 3200 Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | 7.5 |
| 2001-07-02 | CVE-2001-0262 | Netscape | Unspecified vulnerability in Netscape Smartdownload 1.3 Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. | 7.5 |
| 2001-07-02 | CVE-2001-0239 | Microsoft | Unspecified vulnerability in Microsoft ISA Server 2000 Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. | 7.5 |
| 2001-07-02 | CVE-2001-0238 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | 7.5 |
| 2001-07-05 | CVE-2001-1076 | SUN | Buffer Overflow vulnerability in SUN Solaris and Sunos Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. | 7.2 |
| 2001-07-02 | CVE-2001-0426 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. | 7.2 |
| 2001-07-02 | CVE-2001-0424 | Timecop Freebsd | BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | 7.2 |
| 2001-07-02 | CVE-2001-0423 | SUN | Buffer Overflow vulnerability in SUN Solaris 7.0 Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. | 7.2 |
| 2001-07-02 | CVE-2001-0422 | SUN | Buffer Overflow vulnerability in SUN Solaris and Sunos Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. | 7.2 |
| 2001-07-02 | CVE-2001-0387 | Hylafax | Local Format String vulnerability in Hylafax hfaxd Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. | 7.2 |
24 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-07-02 | CVE-2001-1441 | IBM | Cross-Site Scripting vulnerability in IBM Visualage for Java 3.5 Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. | 6.8 |
| 2001-07-02 | CVE-2001-0434 | Compaq | Unspecified vulnerability in Compaq Presario The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service. | 6.4 |
| 2001-07-02 | CVE-2001-0421 | SUN | Unspecified vulnerability in SUN Solaris and Sunos FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. | 6.4 |
| 2001-07-07 | CVE-2001-1244 | Freebsd HP Linux Microsoft Netbsd Openbsd SUN | Denial of Service vulnerability in Multiple Vendor Small TCP MSS Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. | 5.0 |
| 2001-07-06 | CVE-2001-1045 | Basilix | Unspecified vulnerability in Basilix Webmail 1.02Beta/1.03Beta Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2001-07-05 | CVE-2001-1408 | Cobalt | Directory Traversal vulnerability in Cobalt Qube and Webmail Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2001-07-04 | CVE-2001-1243 | Microsoft | Local DoS vulnerability in Microsoft products Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | 5.0 |
| 2001-07-04 | CVE-2001-1075 | SUN | Unspecified vulnerability in SUN Cobalt RAQ 3I poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. | 5.0 |
| 2001-07-03 | CVE-2001-1266 | Doug Neal | Directory Traversal vulnerability in Doug Neal Dnhttpd 0.4.1 Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. | 5.0 |
| 2001-07-02 | CVE-2001-1042 | Transsoft | Directory Traversal vulnerability in Transsoft Broker FTP Server 5.9.5.0 Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | 5.0 |
| 2001-07-02 | CVE-2001-0486 | Novell | Remote DoS vulnerability in Novell Bordermanager 3.0/3.5/3.6 Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. | 5.0 |
| 2001-07-02 | CVE-2001-0437 | Dcscripts | Remote Command Execution vulnerability in DCForum 'AZ' Field upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. | 5.0 |
| 2001-07-02 | CVE-2001-0429 | Cisco | Unspecified vulnerability in Cisco Catos Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. | 5.0 |
| 2001-07-02 | CVE-2001-0428 | Cisco | Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. | 5.0 |
| 2001-07-02 | CVE-2001-0418 | NCM | Unspecified vulnerability in NCM Content Management System content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. | 5.0 |
| 2001-07-02 | CVE-2001-0396 | Lightwave | Information Disclosure vulnerability in Lightwave Consoleserver 3200 The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. | 5.0 |
| 2001-07-02 | CVE-2001-0391 | Imatix | Unspecified vulnerability in Imatix Xitami 2.4D7/2.5D4 Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory. | 5.0 |
| 2001-07-02 | CVE-2001-0390 | IBM | Denial of Service vulnerability in IBM products IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. | 5.0 |
| 2001-07-02 | CVE-2001-0389 | IBM | Unspecified vulnerability in IBM Net.Commerce and Websphere Application Server IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. | 5.0 |
| 2001-07-02 | CVE-2001-0386 | Analogx | Denial of Service vulnerability in Simpleserver WWW AUX Directory AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | 5.0 |
| 2001-07-02 | CVE-2001-0385 | Goahead Software | Denial of Service vulnerability in Goahead Software Goahead Webserver 2.1 GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | 5.0 |
| 2001-07-02 | CVE-2001-0354 | Thenet | Denial of Service vulnerability in Thenet Checkbo 1.56 TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. | 5.0 |
| 2001-07-02 | CVE-2001-0327 | Iplanet | Unspecified vulnerability in Iplanet web Server iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. | 5.0 |
| 2001-07-02 | CVE-2001-0435 | PGP | Local Security vulnerability in PGP 7.0 The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate. | 4.6 |
6 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-07-05 | CVE-2001-1085 | JON Zeeff | Unspecified vulnerability in JON Zeeff Lmail 2.7 Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 3.7 |
| 2001-07-02 | CVE-2001-0430 | Debian | Unspecified vulnerability in Debian Linux Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. | 3.6 |
| 2001-07-02 | CVE-2001-0444 | Cisco | Unspecified vulnerability in Cisco Cbos 2.3.053/2.4.1 Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. | 2.1 |
| 2001-07-02 | CVE-2001-0438 | Netopia | Local Security vulnerability in Netopia Timbuktu mac Initial Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | 2.1 |
| 2001-07-02 | CVE-2001-0406 | Samba | Symbolic Link vulnerability in Samba Insecure TMP file Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | 2.1 |
| 2001-07-02 | CVE-2001-0384 | Siemens | Unspecified vulnerability in Siemens Reliant Unix ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. | 2.1 |