Weekly Vulnerabilities Reports > July 9 to 15, 2001

Overview

25 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 27 products from 24 vendors including Checkpoint, Cisco, Info ZIP, IBM, and GNU. Vulnerabilities are notably categorized as .

  • 16 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities are exploitable by an anonymous user.
  • Checkpoint has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • 3Com has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-13 CVE-2001-1053 Adcycle Unspecified vulnerability in Adcycle

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

10.0
2001-07-12 CVE-2001-1291 3Com Weak Password Protection vulnerability in 3Com Superstack II PS HUB 40

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

10.0
2001-07-11 CVE-2001-1240 Engardelinux Unspecified vulnerability in Engardelinux Secure Linux 1.0.1

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

10.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-12 CVE-2001-1176 Checkpoint Unspecified vulnerability in Checkpoint Firewall-1, Provider-1 and Vpn-1

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

7.5
2001-07-11 CVE-2001-1427 Macromedia Unspecified vulnerability in Macromedia Coldfusion

Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.

7.5
2001-07-09 CVE-2001-1158 Checkpoint Unspecified vulnerability in Checkpoint Firewall-1 4.1/4.1Build41439

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.

7.5
2001-07-09 CVE-2001-1026 Trend Micro Unspecified vulnerability in Trend Micro Interscan Applettrap 2.0

Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.

7.5
2001-07-11 CVE-2001-1178 Xfree86 Project Unspecified vulnerability in Xfree86 Project X11R6 3.3.2

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.

7.2
2001-07-10 CVE-2001-1180 Freebsd Unspecified vulnerability in Freebsd

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

7.2

9 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-11 CVE-2001-1120 Allaire Unspecified vulnerability in Allaire Coldfusion Server

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

6.4
2001-07-13 CVE-2001-1082 Lucent, Simon Horms Directory Traversal vulnerability in RADIUS

Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a ..

5.0
2001-07-12 CVE-2001-1183 Cisco Denial of Service vulnerability in Cisco IOS Malformed PPTP Packet

PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.

5.0
2001-07-12 CVE-2001-1142 Argosoft Weak Password Encryption vulnerability in Argosoft FTP Server 1.2.2.2

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.

5.0
2001-07-11 CVE-2001-1144 Mcafee Directory Traversal vulnerability in Mcafee Asap Virusscan 1.0

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2001-07-11 CVE-2001-1143 IBM Denial of Service vulnerability in IBM DB2 Universal Database 7.0

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

5.0
2001-07-11 CVE-2001-1038 Cisco Denial of Service vulnerability in Cisco SN 5420 Storage Router

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.

5.0
2001-07-10 CVE-2001-1141 Openssl, Ssleay

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

5.0
2001-07-09 CVE-2001-1245 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 5.0

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

5.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-07-10 CVE-2001-1322 Xinetd Unspecified vulnerability in Xinetd

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

3.6
2001-07-12 CVE-2001-1271 Rarsoft Directory Traversal vulnerability in Rar

Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a ..

2.1
2001-07-12 CVE-2001-1270 Pkware Unspecified vulnerability in Pkware Pkzip 2.70/4.00

Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a ..

2.1
2001-07-12 CVE-2001-1269 Info ZIP Unspecified vulnerability in Info-Zip Unzip

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.

2.1
2001-07-12 CVE-2001-1268 Info ZIP Unspecified vulnerability in Info-Zip Unzip

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a ..

2.1
2001-07-12 CVE-2001-1267 GNU Unspecified vulnerability in GNU TAR

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a ..

2.1
2001-07-11 CVE-2001-1146 LEE Herron Unspecified vulnerability in LEE Herron Allcommerce 1.2.3

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.

1.2