Weekly Vulnerabilities Reports > September 10 to 16, 2001

Overview

30 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 23 products from 20 vendors including Mozilla, Khamil Landross AND Zack Jones, Microsoft, Broadcom, and CA. Vulnerabilities are notably categorized as .

  • 21 reported vulnerabilities are remotely exploitables.
  • 30 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-09-15 CVE-2001-0960 Broadcom
CA
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
10.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-09-15 CVE-2001-1014 Michael Boehme Remote Arbitrary Command Execution vulnerability in Michael Boehme Webdiscount E Shop Online Shop System 1.0

eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.

7.5
2001-09-12 CVE-2001-1112 Khamil Landross AND Zack Jones Buffer Overflow Code Execution and Denial of Service vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.

7.5
2001-09-12 CVE-2001-1109 Khamil Landross AND Zack Jones Unspecified vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a ..

7.5
2001-09-12 CVE-2001-1105 Cisco
RSA
Authentication Bypass vulnerability in RSA BSAFE SSL-J

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

7.5
2001-09-12 CVE-2001-0999 Microsoft Unspecified vulnerability in Microsoft Outlook Express 6.0

Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.

7.5
2001-09-12 CVE-2001-0958 Trend Micro Buffer Overflow vulnerability in Trend Micro InterScan eManager

Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.

7.5
2001-09-11 CVE-2001-1446 Apple Unspecified vulnerability in Apple mac OS X

Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.

7.5
2001-09-11 CVE-2001-0997 Textor Webmasters LTD Remote Security vulnerability in Textor Webmasters Ltd. Listrec.Pl 1.0

Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.

7.5
2001-09-10 CVE-2001-1407 Mozilla Unspecified vulnerability in Mozilla Bugzilla

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

7.5
2001-09-10 CVE-2001-1404 Mozilla Remote Security vulnerability in Bugzilla

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

7.5
2001-09-10 CVE-2001-1403 Mozilla Remote Security vulnerability in Bugzilla

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.

7.5
2001-09-10 CVE-2001-1402 Mozilla Cross-Site Scripting vulnerability in Bugzilla

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.

7.5
2001-09-10 CVE-2001-1401 Mozilla Remote Security vulnerability in Bugzilla

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.

7.5
2001-09-10 CVE-2001-1369 Leon J Breedt Remote SQL Query Manipulation vulnerability in Leon J Breedt Pam-Pgsql 0.5.1/0.5.2

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

7.5
2001-09-10 CVE-2001-1090 Alessandro Gardich Remote SQL Query Manipulation vulnerability in Alessandro Gardich NSS Postgresql 0.6.1

nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

7.5
2001-09-10 CVE-2001-1089 Alessandro Gardich
Joerg Wendland
Remote SQL Query Manipulation vulnerability in Joerg Wendland LibNSS-PgSQL

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

7.5
2001-09-11 CVE-2001-0956 Speechio Unspecified vulnerability in Speechio Speechd

speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.

7.2
2001-09-10 CVE-2001-1093 Compaq Buffer Overflow vulnerability in Digital Unix MSGCHK

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.

7.2

7 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-09-15 CVE-2001-0959 Broadcom
CA
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
6.4
2001-09-14 CVE-2001-0986 Microsoft File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

5.0
2001-09-12 CVE-2001-1110 Khamil Landross AND Zack Jones Remote Security vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.

5.0
2001-09-12 CVE-2001-1013 Redhat Remote Username Enumeration vulnerability in Redhat Linux 7.0

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

5.0
2001-09-13 CVE-2001-0984 Counterpane Buffer Recovery vulnerability in Counterpane Password Safe 1.7.1

Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g.

4.6
2001-09-12 CVE-2001-1111 Khamil Landross AND Zack Jones Unspecified vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337

EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.

4.6
2001-09-11 CVE-2001-1094 Crosstec Corporation Authentication vulnerability in Crosstec Corporation Netop School 1.5

NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.

4.6

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-09-13 CVE-2001-1136 HP Denial of Service vulnerability in HP Hp-Ux 11.04

The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.

2.1
2001-09-10 CVE-2001-1406 Mozilla Local Security vulnerability in Bugzilla

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

2.1
2001-09-10 CVE-2001-1405 Mozilla Denial-Of-Service vulnerability in Bugzilla

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.

2.1
2001-09-10 CVE-2001-1092 Compaq Symbolic Link vulnerability in Digital Unix MSGCHK MH_PROFILE

msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.

2.1