Weekly Vulnerabilities Reports > August 27 to September 2, 2001
Overview
4 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high-severity vulnerability. This weekly summary reports vulnerabilities in 6 products from 5 vendors, including Qualcomm, Microsoft, Checkpoint, Arkeia, and Zonelabs. Vulnerabilities are notably categorized as "Improper Locking", "Use of Password Hash With Insufficient Computational Effort", and "Origin Validation Error".
- 2 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Qualcomm has the most reported vulnerabilities, with 1 reported vulnerability.
- Arkeia has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-31 | CVE-2001-0967 | Arkeia | Use of Password Hash With Insufficient Computational Effort vulnerability in Arkeia 4.2/4.2.82. Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing. | 9.8 |
1 High Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-31 | CVE-2001-1452 | Microsoft | Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT. By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | 7.5 |
2 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-08-31 | CVE-2000-1198 | Qualcomm | Improper Locking vulnerability in Qualcomm Qpopper 2.53/3.0. The qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mailboxes. | 5.5 |
2001-08-29 | CVE-2001-0682 | Zonelabs, Checkpoint | Improper Locking vulnerability in multiple products. ZoneAlarm and ZoneAlarm Pro allow a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object, which prevents ZoneAlarm from starting. | 5.5 |
0 Low Vulnerabilities