Weekly Vulnerabilities Reports > July 2 to 8, 2001

Overview

56 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 69 products from 49 vendors including SUN, Microsoft, Cisco, IBM, and Freebsd. Vulnerabilities are notably categorized as "Improper Restriction of Excessive Authentication Attempts", and "Link Following".

  • 43 reported vulnerabilities are remotely exploitables.
  • 56 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Trend Micro has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-02 CVE-2001-0464 Crosswind Remote Buffer Overflow vulnerability in Crosswind Cyberscheduler 2.1

Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.

10.0
2001-07-02 CVE-2001-0432 Trend Micro Program Buffer Overflow vulnerability in Trend Micro Interscan Viruswall 3.0.1

Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.

10.0
2001-07-02 CVE-2001-0431 Iplanet Remote Security vulnerability in Iplanet web Server 4.Xenterprise

Vulnerability in iPlanet Web Server Enterprise Edition 4.x.

10.0
2001-07-02 CVE-2001-0395 Lightwavemo Improper Restriction of Excessive Authentication Attempts vulnerability in Lightwavemo Consoleserver 3200 Firmware

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

9.8

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-06 CVE-2001-1081 Lucent
Simon Horms
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
7.5
2001-07-05 CVE-2001-1087 Network Appliance Unspecified vulnerability in Network Appliance Netcache

The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.

7.5
2001-07-04 CVE-2001-1086 Xfree86 Project Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

7.5
2001-07-02 CVE-2001-1161 Lotus Cross-Site Scripting vulnerability in Lotus Domino R5 Server 5.0.6

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.

7.5
2001-07-02 CVE-2001-1159 Squirrelmail Remote Command Execution vulnerability in Squirrelmail 1.0.4/1.0.5

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

7.5
2001-07-02 CVE-2001-1084 Macromedia Cross-Site Scripting vulnerability in Macromedia Jrun 2.3.3/3.0

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.

7.5
2001-07-02 CVE-2001-1042 Transsoft Link Following vulnerability in Transsoft Broker FTP Server 5.9.5.0

Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

7.5
2001-07-02 CVE-2001-0443 QPC Software Denial-Of-Service vulnerability in QPC Software QVT NET and QVT Term Plus

Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.

7.5
2001-07-02 CVE-2001-0440 Licq
Conectiva
Mandrakesoft
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
7.5
2001-07-02 CVE-2001-0439 Licq
Conectiva
Freebsd
Mandrakesoft
Redhat
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
7.5
2001-07-02 CVE-2001-0436 Dcscripts Remote Command Execution vulnerability in DCForum 'AZ' Field

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a ..

7.5
2001-07-02 CVE-2001-0419 Oracle Unspecified vulnerability in Oracle Application Server 4.0.8.2

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

7.5
2001-07-02 CVE-2001-0405 Linux Unspecified vulnerability in Linux Kernel

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

7.5
2001-07-02 CVE-2001-0400 Matt Tourtillott Unspecified vulnerability in Matt Tourtillott Nph-Maillist 3.0/3.5

nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.

7.5
2001-07-02 CVE-2001-0262 Netscape Unspecified vulnerability in Netscape Smartdownload 1.3

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

7.5
2001-07-02 CVE-2001-0239 Microsoft Unspecified vulnerability in Microsoft ISA Server 2000

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.

7.5
2001-07-02 CVE-2001-0238 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

7.5
2001-07-05 CVE-2001-1076 SUN Buffer Overflow vulnerability in SUN Solaris and Sunos

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

7.2
2001-07-02 CVE-2001-0426 SUN Unspecified vulnerability in SUN Solaris and Sunos

Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.

7.2
2001-07-02 CVE-2001-0424 Timecop
Freebsd
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
7.2
2001-07-02 CVE-2001-0423 SUN Buffer Overflow vulnerability in SUN Solaris 7.0

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.

7.2
2001-07-02 CVE-2001-0422 SUN Buffer Overflow vulnerability in SUN Solaris and Sunos

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

7.2
2001-07-02 CVE-2001-0387 Hylafax Local Format String vulnerability in Hylafax hfaxd

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

7.2

23 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-02 CVE-2001-1441 IBM Cross-Site Scripting vulnerability in IBM Visualage for Java 3.5

Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.

6.8
2001-07-02 CVE-2001-0434 Compaq Unspecified vulnerability in Compaq Presario

The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.

6.4
2001-07-02 CVE-2001-0421 SUN Unspecified vulnerability in SUN Solaris and Sunos

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

6.4
2001-07-07 CVE-2001-1244 Freebsd
HP
Linux
Microsoft
Netbsd
Openbsd
SUN
Denial of Service vulnerability in Multiple Vendor Small TCP MSS

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

5.0
2001-07-06 CVE-2001-1045 Basilix Unspecified vulnerability in Basilix Webmail 1.02Beta/1.03Beta

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a ..

5.0
2001-07-05 CVE-2001-1408 Cobalt Directory Traversal vulnerability in Cobalt Qube and Webmail

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a ..

5.0
2001-07-04 CVE-2001-1243 Microsoft Local DoS vulnerability in Microsoft products

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

5.0
2001-07-04 CVE-2001-1075 SUN Unspecified vulnerability in SUN Cobalt RAQ 3I

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

5.0
2001-07-03 CVE-2001-1266 Doug Neal Directory Traversal vulnerability in Doug Neal Dnhttpd 0.4.1

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a ..

5.0
2001-07-02 CVE-2001-0486 Novell Remote DoS vulnerability in Novell Bordermanager 3.0/3.5/3.6

Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.

5.0
2001-07-02 CVE-2001-0437 Dcscripts Remote Command Execution vulnerability in DCForum 'AZ' Field

upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.

5.0
2001-07-02 CVE-2001-0429 Cisco Unspecified vulnerability in Cisco Catos

Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

5.0
2001-07-02 CVE-2001-0428 Cisco Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.

5.0
2001-07-02 CVE-2001-0418 NCM Unspecified vulnerability in NCM Content Management System

content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.

5.0
2001-07-02 CVE-2001-0396 Lightwave Information Disclosure vulnerability in Lightwave Consoleserver 3200

The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.

5.0
2001-07-02 CVE-2001-0391 Imatix Unspecified vulnerability in Imatix Xitami 2.4D7/2.5D4

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.

5.0
2001-07-02 CVE-2001-0390 IBM Denial of Service vulnerability in IBM products

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.

5.0
2001-07-02 CVE-2001-0389 IBM Unspecified vulnerability in IBM Net.Commerce and Websphere Application Server

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.

5.0
2001-07-02 CVE-2001-0386 Analogx Denial of Service vulnerability in Simpleserver WWW AUX Directory

AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

5.0
2001-07-02 CVE-2001-0385 Goahead Software Denial of Service vulnerability in Goahead Software Goahead Webserver 2.1

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

5.0
2001-07-02 CVE-2001-0354 Thenet Denial of Service vulnerability in Thenet Checkbo 1.56

TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on.

5.0
2001-07-02 CVE-2001-0327 Iplanet Unspecified vulnerability in Iplanet web Server

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.

5.0
2001-07-02 CVE-2001-0435 PGP Local Security vulnerability in PGP 7.0

The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.

4.6

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-05 CVE-2001-1085 JON Zeeff Unspecified vulnerability in JON Zeeff Lmail 2.7

Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.7
2001-07-02 CVE-2001-0430 Debian Unspecified vulnerability in Debian Linux

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

3.6
2001-07-02 CVE-2001-0444 Cisco Unspecified vulnerability in Cisco Cbos 2.3.053/2.4.1

Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.

2.1
2001-07-02 CVE-2001-0438 Netopia Local Security vulnerability in Netopia Timbuktu mac Initial

Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.

2.1
2001-07-02 CVE-2001-0406 Samba Symbolic Link vulnerability in Samba Insecure TMP file

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

2.1
2001-07-02 CVE-2001-0384 Siemens Unspecified vulnerability in Siemens Reliant Unix

ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.

2.1