Weekly Vulnerabilities Reports > August 20 to 26, 2001
Overview
55 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 48 products from 40 vendors including SCO, SUN, HP, Freebsd, and Zope. Vulnerabilities are notably categorized as and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 35 reported vulnerabilities are remotely exploitable.
- 55 reported vulnerabilities are exploitable by an anonymous user.
- SCO has the most reported vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-24 | CVE-2001-1455 | Netegrity | Unspecified vulnerability in Netegrity Siteminder Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. | 7.5 |
2001-08-23 | CVE-2001-1155 | Freebsd | Unspecified vulnerability in Freebsd 4.1.1/4.2/4.3 TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. | 7.5 |
2001-08-22 | CVE-2001-0632 | SUN | Remote Security vulnerability in SUN Chilisoft 3.5.2/3.6 Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. | 7.5 |
2001-08-22 | CVE-2001-0626 | Oreilly | Unspecified vulnerability in Oreilly Website Professional O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. | 7.5 |
2001-08-22 | CVE-2001-0617 | Alliedtelesyn | Remote Security vulnerability in Alliedtelesyn At-Ar220E 1.08A Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. | 7.5 |
2001-08-22 | CVE-2001-0614 | Carello | Remote Security vulnerability in E-Commerce Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | 7.5 |
2001-08-22 | CVE-2001-0608 | HP | Unspecified vulnerability in HP MPE 6.5 HP architected interface facility (AIF) as included with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. | 7.5 |
2001-08-22 | CVE-2001-0605 | Headlight Software | Remote Security vulnerability in Mygetright Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data. | 7.5 |
2001-08-22 | CVE-2001-0591 | Oracle | Unspecified vulnerability in Oracle Application Server and JSP Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | 7.5 |
2001-08-22 | CVE-2001-0579 | SCO | Remote Security vulnerability in Openserver lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. | 7.5 |
2001-08-22 | CVE-2001-0572 | Openbsd SSH | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | 7.5 |
2001-08-22 | CVE-2001-0357 | Matt Wright | Remote Security vulnerability in FormMail FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. | 7.5 |
2001-08-23 | CVE-2001-1091 | Netbsd | Local Security vulnerability in NetBSD The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | 7.2 |
2001-08-22 | CVE-2001-0634 | SUN | Unspecified vulnerability in SUN Chilisoft 3.5.2 Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service. | 7.2 |
2001-08-22 | CVE-2001-0625 | Broadcom | Unspecified vulnerability in Broadcom Inoculateit 6.0 ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log. | 7.2 |
2001-08-22 | CVE-2001-0587 | SCO | Buffer Overflow vulnerability in SCO Openserver 5.0.6 deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | 7.2 |
2001-08-22 | CVE-2001-0577 | SCO | Local Security vulnerability in Openserver recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument. | 7.2 |
2001-08-22 | CVE-2001-0556 | Nedit | Symbolic Link vulnerability in NEdit Incremental Backup File The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file. | 7.2 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-22 | CVE-2001-1294 | Avtronics | Buffer Overflow vulnerability in Avtronics Inetserv 3.0/3.1.1/3.2.1 Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. | 5.0 |
2001-08-22 | CVE-2001-1150 | Trend Micro | Unspecified vulnerability in Trend Micro Officescan and Virus Buster Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. | 5.0 |
2001-08-22 | CVE-2001-1140 | Working Resources INC | Unspecified vulnerability in Working Resources Inc. Badblue 1.02Beta BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | 5.0 |
2001-08-22 | CVE-2001-1139 | Ascii NT | Unspecified vulnerability in Ascii NT Winwrapper Professional 2.0 Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. | 5.0 |
2001-08-22 | CVE-2001-0633 | SUN | Directory Traversal vulnerability in SUN Chilisoft 3.5.2 Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. | 5.0 |
2001-08-22 | CVE-2001-0631 | Centrinity | Unspecified vulnerability in Centrinity Firstclass 5.50 Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. | 5.0 |
2001-08-22 | CVE-2001-0630 | Mimanet | Directory Traversal vulnerability in Mimanet Source Viewer 2.0 Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable. | 5.0 |
2001-08-22 | CVE-2001-0613 | Omnicron | Unspecified vulnerability in Omnicron Omnihttpd Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request. | 5.0 |
2001-08-22 | CVE-2001-0612 | Mcafee | Remote Desktop Denial of Service vulnerability in Mcafee Remote Desktop 32 2.1.2/3.0 McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. | 5.0 |
2001-08-22 | CVE-2001-0606 | HP SUN | Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. | 5.0 |
2001-08-22 | CVE-2001-0593 | Anaconda Partners | Directory Traversal vulnerability in Anaconda Clipper Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. | 5.0 |
2001-08-22 | CVE-2001-0585 | Gordano | Unspecified vulnerability in Gordano Ntmail 6.0.3C Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000. | 5.0 |
2001-08-22 | CVE-2001-0583 | ALT N | Denial-Of-Service vulnerability in Alt-N Mdaemon 3.5.4 Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | 5.0 |
2001-08-22 | CVE-2001-0581 | Spytech | Connection Denial Of Service vulnerability in SpyNet Chat Server Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. | 5.0 |
2001-08-22 | CVE-2001-0580 | Hughes Technologies | Unspecified vulnerability in Hughes Technologies DSL Vdns 1.0 Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection. | 5.0 |
2001-08-22 | CVE-2001-0571 | Elron | Directory Traversal vulnerability in Elron IM Anti-Virus Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. | 5.0 |
2001-08-22 | CVE-2001-0564 | APC | Unspecified vulnerability in APC Ap9606 3.0 APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card. | 5.0 |
2001-08-22 | CVE-2001-0394 | Oreilly | Unspecified vulnerability in Oreilly Website PRO 3.0.37 Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. | 5.0 |
2001-08-21 | CVE-2001-1295 | Grant Averett | Directory Traversal vulnerability in Cerberus Ftp Server Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2001-08-21 | CVE-2001-1166 | Freebsd | Unspecified vulnerability in Freebsd linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process. | 5.0 |
2001-08-21 | CVE-2001-1149 | Panda | Denial-Of-Service vulnerability in Panda Antivirus Platinum Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. | 5.0 |
2001-08-21 | CVE-2001-1131 | Whitsoft Development | Directory Traversal vulnerability in Whitsoft Development Slimftpd 2.2 Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... | 5.0 |
2001-08-20 | CVE-2000-1203 | Lotus | Denial of Service vulnerability in Lotus Domino Mail Loop Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. | 5.0 |
2001-08-22 | CVE-2001-0607 | HP | Denial-Of-Service vulnerability in HP-UX asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083. | 4.6 |
2001-08-22 | CVE-2001-0588 | SCO | Local Security vulnerability in SCO Openserver 5.0.6 sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | 4.6 |
2001-08-22 | CVE-2001-0586 | Trend Micro | Denial-Of-Service vulnerability in Trend Micro Scanmail Exchange 3.5 TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. | 4.6 |
2001-08-22 | CVE-2001-0582 | BEN Spink | Unspecified vulnerability in BEN Spink Crushftp FTP Server 2.1.4 Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR. | 4.6 |
2001-08-22 | CVE-2001-0578 | SCO | Local Security vulnerability in Openserver Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. | 4.6 |
2001-08-22 | CVE-2001-0576 | SCO | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SCO Openserver lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. | 4.6 |
2001-08-22 | CVE-2001-0575 | SCO | Local Security vulnerability in SCO Openserver 5.0.6 Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. | 4.6 |
2001-08-22 | CVE-2001-0560 | Paul Vixie | Local Security vulnerability in Vixie Cron Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). | 4.6 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-22 | CVE-2001-0627 | SCO | Unspecified vulnerability in SCO Openserver vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. | 3.7 |
2001-08-22 | CVE-2001-0589 | Juniper | Unspecified vulnerability in Juniper Netscreen Screenos NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. | 2.1 |
2001-08-22 | CVE-2001-0584 | ALT N | Unspecified vulnerability in Alt-N Mdaemon 3.5.6 IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. | 2.1 |
2001-08-22 | CVE-2001-0569 | Zope | Local Security vulnerability in Zope Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. | 2.1 |
2001-08-22 | CVE-2001-0568 | Zope | Local Security vulnerability in Zope Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. | 2.1 |
2001-08-21 | CVE-2001-1133 | Bsdi | Local Kernel Denial of Service vulnerability in BSDI Possible Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions. | 2.1 |