Weekly Vulnerabilities Reports > August 20 to 26, 2001

Overview

55 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 48 products from 40 vendors including SCO, SUN, HP, Zope, and Freebsd. Vulnerabilities are notably categorized as "Incorrect Authorization", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 35 reported vulnerabilities are remotely exploitables.
  • 55 reported vulnerabilities are exploitable by an anonymous user.
  • SCO has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Freebsd has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-23 CVE-2001-1155 Freebsd Incorrect Authorization vulnerability in Freebsd 4.1.1/4.2/4.3

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

9.8

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-24 CVE-2001-1455 Netegrity Unspecified vulnerability in Netegrity Siteminder

Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.

7.5
2001-08-22 CVE-2001-0632 SUN Remote Security vulnerability in SUN Chilisoft 3.5.2/3.6

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.

7.5
2001-08-22 CVE-2001-0626 Oreilly Unspecified vulnerability in Oreilly Website Professional

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

7.5
2001-08-22 CVE-2001-0617 Alliedtelesyn Remote Security vulnerability in Alliedtelesyn At-Ar220E 1.08A

Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.

7.5
2001-08-22 CVE-2001-0614 Carello Remote Security vulnerability in E-Commerce

Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.

7.5
2001-08-22 CVE-2001-0608 HP Unspecified vulnerability in HP MPE 6.5

HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.

7.5
2001-08-22 CVE-2001-0605 Headlight Software Remote Security vulnerability in Mygetright

Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.

7.5
2001-08-22 CVE-2001-0591 Oracle Unspecified vulnerability in Oracle Application Server and JSP

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

7.5
2001-08-22 CVE-2001-0579 SCO Remote Security vulnerability in Openserver

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.

7.5
2001-08-22 CVE-2001-0572 Openbsd
SSH
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
7.5
2001-08-22 CVE-2001-0357 Matt Wright Remote Security vulnerability in FormMail

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

7.5
2001-08-23 CVE-2001-1091 Netbsd Local Security vulnerability in NetBSD

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

7.2
2001-08-22 CVE-2001-0634 SUN Unspecified vulnerability in SUN Chilisoft 3.5.2

Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.

7.2
2001-08-22 CVE-2001-0625 Broadcom Unspecified vulnerability in Broadcom Inoculateit 6.0

ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .

7.2
2001-08-22 CVE-2001-0587 SCO Buffer Overflow vulnerability in SCO Openserver 5.0.6

deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

7.2
2001-08-22 CVE-2001-0577 SCO Local Security vulnerability in Openserver

recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.

7.2
2001-08-22 CVE-2001-0556 Nedit Symbolic Link vulnerability in NEdit Incremental Backup File

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.

7.2

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-22 CVE-2001-1294 Avtronics Buffer Overflow vulnerability in Avtronics Inetserv 3.0/3.1.1/3.2.1

Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.

5.0
2001-08-22 CVE-2001-1150 Trend Micro Unspecified vulnerability in Trend Micro Officescan and Virus Buster

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.

5.0
2001-08-22 CVE-2001-1140 Working Resources INC Unspecified vulnerability in Working Resources Inc. Badblue 1.02Beta

BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.

5.0
2001-08-22 CVE-2001-1139 Ascii NT Unspecified vulnerability in Ascii NT Winwrapper Professional 2.0

Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a ..

5.0
2001-08-22 CVE-2001-0633 SUN Directory Traversal vulnerability in SUN Chilisoft 3.5.2

Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.

5.0
2001-08-22 CVE-2001-0631 Centrinity Unspecified vulnerability in Centrinity Firstclass 5.50

Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.

5.0
2001-08-22 CVE-2001-0630 Mimanet Directory Traversal vulnerability in Mimanet Source Viewer 2.0

Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.

5.0
2001-08-22 CVE-2001-0613 Omnicron Unspecified vulnerability in Omnicron Omnihttpd

Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.

5.0
2001-08-22 CVE-2001-0612 Mcafee Remote Desktop Denial of Service vulnerability in Mcafee Remote Desktop 32 2.1.2/3.0

McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.

5.0
2001-08-22 CVE-2001-0606 HP
SUN
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
5.0
2001-08-22 CVE-2001-0593 Anaconda Partners Directory Traversal vulnerability in Anaconda Clipper

Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.

5.0
2001-08-22 CVE-2001-0585 Gordano Unspecified vulnerability in Gordano Ntmail 6.0.3C

Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.

5.0
2001-08-22 CVE-2001-0583 ALT N Denial-Of-Service vulnerability in Alt-N Mdaemon 3.5.4

Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.

5.0
2001-08-22 CVE-2001-0581 Spytech Connection Denial Of Service vulnerability in SpyNet Chat Server

Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.

5.0
2001-08-22 CVE-2001-0580 Hughes Technologies Unspecified vulnerability in Hughes Technologies DSL Vdns 1.0

Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.

5.0
2001-08-22 CVE-2001-0571 Elron Directory Traversal vulnerability in Elron IM Anti-Virus

Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a ..

5.0
2001-08-22 CVE-2001-0564 APC Unspecified vulnerability in APC Ap9606 3.0

APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.

5.0
2001-08-22 CVE-2001-0394 Oreilly Unspecified vulnerability in Oreilly Website PRO 3.0.37

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.

5.0
2001-08-21 CVE-2001-1295 Grant Averett Directory Traversal vulnerability in Cerberus Ftp Server

Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2001-08-21 CVE-2001-1166 Freebsd Unspecified vulnerability in Freebsd

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

5.0
2001-08-21 CVE-2001-1149 Panda Denial-Of-Service vulnerability in Panda Antivirus Platinum

Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.

5.0
2001-08-21 CVE-2001-1131 Whitsoft Development Directory Traversal vulnerability in Whitsoft Development Slimftpd 2.2

Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ...

5.0
2001-08-20 CVE-2000-1203 Lotus Denial of Service vulnerability in Lotus Domino Mail Loop

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

5.0
2001-08-22 CVE-2001-0607 HP Denial-Of-Service vulnerability in HP-UX

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

4.6
2001-08-22 CVE-2001-0588 SCO Local Security vulnerability in SCO Openserver 5.0.6

sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

4.6
2001-08-22 CVE-2001-0586 Trend Micro Denial-Of-Service vulnerability in Trend Micro Scanmail Exchange 3.5

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.

4.6
2001-08-22 CVE-2001-0582 BEN Spink Unspecified vulnerability in BEN Spink Crushftp FTP Server 2.1.4

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.

4.6
2001-08-22 CVE-2001-0578 SCO Local Security vulnerability in Openserver

Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.

4.6
2001-08-22 CVE-2001-0576 SCO Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SCO Openserver

lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.

4.6
2001-08-22 CVE-2001-0575 SCO Local Security vulnerability in SCO Openserver 5.0.6

Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.

4.6
2001-08-22 CVE-2001-0560 Paul Vixie Local Security vulnerability in Vixie Cron

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

4.6

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-08-22 CVE-2001-0627 SCO Unspecified vulnerability in SCO Openserver

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.

3.7
2001-08-22 CVE-2001-0589 Juniper Unspecified vulnerability in Juniper Netscreen Screenos

NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.

2.1
2001-08-22 CVE-2001-0584 ALT N Unspecified vulnerability in Alt-N Mdaemon 3.5.6

IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.

2.1
2001-08-22 CVE-2001-0569 Zope Local Security vulnerability in Zope

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.

2.1
2001-08-22 CVE-2001-0568 Zope Local Security vulnerability in Zope

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

2.1
2001-08-21 CVE-2001-1133 Bsdi Local Kernel Denial of Service vulnerability in BSDI Possible

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.

2.1