Weekly Vulnerabilities Reports > October 15 to 21, 2001

Overview

65 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 50 vendors including Cisco, Steve Poulsen, Debian, Trend Micro, and Internet Software Solutions. Vulnerabilities are notably categorized as "Improper Handling of Case Sensitivity", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Improper Input Validation".

  • 46 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-18 CVE-2001-0789 Kaspersky Denial-Of-Service vulnerability in Kaspersky Anti-Virus 3.5.132.2

Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.

10.0
2001-10-18 CVE-2001-0746 Iplanet Remote Buffer Overflow vulnerability in iPlanet Web Publisher

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.

10.0
2001-10-18 CVE-2001-0766 Apache Improper Handling of Case Sensitivity vulnerability in Apache Http Server 1.3.14

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

9.8

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-18 CVE-2001-1380 Openbsd Unspecified vulnerability in Openbsd Openssh

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

7.5
2001-10-18 CVE-2001-0795 Cmfperception Improper Handling of Case Sensitivity vulnerability in Cmfperception Liteserve 1.25

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.

7.5
2001-10-18 CVE-2001-0792 Xchat Remote Security vulnerability in Xchat 1.2.X

Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.

7.5
2001-10-18 CVE-2001-0775 XLI, Xloadimage Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.

7.5
2001-10-18 CVE-2001-0771 Spytech WEB Permissions, Privileges, and Access Controls vulnerability in Spytech-Web Spyanywhere 1.50

Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field.

7.5
2001-10-18 CVE-2001-0770 Steve Poulsen Unspecified vulnerability in Steve Poulsen Guildftpd 0.97

Buffer overflow in GuildFTPd Server 0.97 allows a remote attacker to execute arbitrary code via a long SITE command.

7.5
2001-10-18 CVE-2001-0763 Debian, Suse Buffer Overflow vulnerability in Xinetd

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

7.5
2001-10-18 CVE-2001-0761 Trend Micro Buffer Overflow vulnerability in Trend Micro Interscan Webmanager 1.2

Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter.

7.5
2001-10-18 CVE-2001-0758 Evolvable Corporation Directory Traversal vulnerability in Evolvable Corporation Shambala Server 4.5

Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command.

7.5
2001-10-18 CVE-2001-0757 Cisco Unspecified vulnerability in Cisco 6400 NRP 2 12.1Dc

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

7.5
2001-10-18 CVE-2001-0756 Virtualcart Remote Security vulnerability in Virtualcatalog

CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter.

7.5
2001-10-18 CVE-2001-0755 Debian Denial-Of-Service vulnerability in Debian Linux 6.2

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

7.5
2001-10-18 CVE-2001-0753 Cisco Remote Security vulnerability in CBOS

Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.

7.5
2001-10-18 CVE-2001-0751 Cisco Remote Security vulnerability in CBOS

Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.

7.5
2001-10-18 CVE-2001-0747 Iplanet Unspecified vulnerability in Iplanet web Server 4.1

Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request.

7.5
2001-10-18 CVE-2001-0742 Computalynx Remote Security vulnerability in Computalynx Cmail 2.4.9

Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command.

7.5
2001-10-18 CVE-2001-0733 Ralf S Engelschall Unspecified vulnerability in Ralf S. Engelschall Eperl

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.

7.5
2001-10-18 CVE-2001-1384 Linux Unspecified vulnerability in Linux Kernel

ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.

7.2
2001-10-18 CVE-2001-0782 KDE Local Security vulnerability in Ktv

KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.

7.2
2001-10-18 CVE-2001-0764 Juergen Schoenwaelder Buffer Overflow vulnerability in Juergen Schoenwaelder scotty ntping

Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.

7.2
2001-10-18 CVE-2001-0759 Jetico Buffer Overflow vulnerability in Jetico Bestcrypt 0.6/0.7/0.8.1

Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount.

7.2
2001-10-18 CVE-2001-0739 Engardelinux Denial-Of-Service vulnerability in Engardelinux Secure Linux 1.0.1

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

7.2
2001-10-18 CVE-2001-0734 Netbsd Unspecified vulnerability in Netbsd 1.4.1/1.5

Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine.

7.2
2001-10-17 CVE-2001-1447 Apple Privilege Escalation vulnerability in MacOS X NetInfo Manager

NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.

7.2
2001-10-16 CVE-2001-1015 Snes9X COM Local Buffer Overflow vulnerability in Snes9X.Com Snes9X 1.3.4/1.3.7

Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument.

7.2

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-18 CVE-2001-0905 Procmail Unspecified vulnerability in Procmail 3.12/3.20

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

6.2
2001-10-18 CVE-2001-0794 A FTP Denial-Of-Service vulnerability in Anonymous Ftp Server

Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command.

5.0
2001-10-18 CVE-2001-0791 Trend Micro Denial-Of-Service vulnerability in Interscan Viruswall (HP-UX)

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.

5.0
2001-10-18 CVE-2001-0790 Specter Denial-Of-Service vulnerability in Specter IDS 4.5/5.0

Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts.

5.0
2001-10-18 CVE-2001-0788 Internet Software Solutions Path Disclosure vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.

5.0
2001-10-18 CVE-2001-0786 Internet Software Solutions Unspecified vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file.

5.0
2001-10-18 CVE-2001-0785 Internet Software Solutions Directory Traversal vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2

Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to read arbitrary files via a ..

5.0
2001-10-18 CVE-2001-0784 Icecast Directory Traversal vulnerability in Icecast

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified ..

5.0
2001-10-18 CVE-2001-0783 Cisco Directory Traversal vulnerability in Cisco Tftp Server 1.1

Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the GET command.

5.0
2001-10-18 CVE-2001-0780 Cosmicperl Path Traversal vulnerability in Cosmicperl Directory PRO 2.0

Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a ..

5.0
2001-10-18 CVE-2001-0778 Omnicron Remote Security vulnerability in OmniHTTPD

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).

5.0
2001-10-18 CVE-2001-0777 Omnicron Denial of Service vulnerability in Omnicron OmniHTTPD PHP

Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts.

5.0
2001-10-18 CVE-2001-0776 Dynfx Denial of Service vulnerability in Dynfx Mailserver 2.10

Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service.

5.0
2001-10-18 CVE-2001-0773 Cayman Denial of Service vulnerability in Cayman 3220-H DSL Router 1.0

Cayman 3220-H DSL Router 1.0 allows a remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.

5.0
2001-10-18 CVE-2001-0769 Steve Poulsen Unspecified vulnerability in Steve Poulsen Guildftpd 0.97

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.

5.0
2001-10-18 CVE-2001-0767 Steve Poulsen Directory Traversal vulnerability in Steve Poulsen Guildftpd 0.9.7

Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a ..

5.0
2001-10-18 CVE-2001-0760 Citrix Unspecified vulnerability in Citrix Nfuse 1.51

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

5.0
2001-10-18 CVE-2001-0754 Cisco Denial-Of-Service vulnerability in CBOS

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

5.0
2001-10-18 CVE-2001-0752 Cisco Denial-Of-Service vulnerability in CBOS

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.

5.0
2001-10-18 CVE-2001-0750 Cisco Unspecified vulnerability in Cisco IOS 12.1(2)T/12.1(3)T

Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.

5.0
2001-10-18 CVE-2001-0748 Acme Labs Improper Input Validation vulnerability in Acme Labs Acme Server 1.7

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.

5.0
2001-10-18 CVE-2001-0745 Netscape Unspecified vulnerability in Netscape Messanger 4.7X

Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.

5.0
2001-10-18 CVE-2001-0743 Oreilly Unspecified vulnerability in Oreilly Webboard 4.10.30

Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.

5.0
2001-10-18 CVE-2001-0740 3Com Denial of Service vulnerability in 3Com 3C840-Us and 3Cp4144

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.

5.0
2001-10-18 CVE-2001-0738 Immunix, Debian Denial-Of-Service vulnerability in Immunix

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

5.0
2001-10-15 CVE-2001-1458 Novell Unspecified vulnerability in Novell Groupwise 5.5/6.0

Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.

5.0
2001-10-15 CVE-2001-1151 Trend Micro Information Disclosure vulnerability in Virus Buster

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.

5.0
2001-10-18 CVE-2001-0787 Redhat Unspecified vulnerability in Redhat Linux 7.0/7.1

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.

4.6
2001-10-18 CVE-2001-0774 Tripwire Symbolic Link vulnerability in Tripwire 1.3.1/2.2.1/2.3.0

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files.

4.6
2001-10-18 CVE-2001-0772 HP Denial-Of-Service vulnerability in HP-UX

Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.

4.6
2001-10-18 CVE-2001-0768 Steve Poulsen Unspecified vulnerability in Steve Poulsen Guildftpd 0.9.7

GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.

4.6
2001-10-18 CVE-2001-0765 Bisonware Directory Traversal vulnerability in Bisonware Bison FTP Server V4R1

BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.

4.6
2001-10-18 CVE-2001-0762 SU Wrapper Unspecified vulnerability in Su-Wrapper 1.1.1

Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument.

4.6

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-18 CVE-2001-0907 Linux Denial of Service vulnerability in Linux Deep Symbolic Link

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

2.1
2001-10-18 CVE-2001-0744 Horde Local Security vulnerability in IMP

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.

2.1
2001-10-18 CVE-2001-0741 Cisco Denial of Service vulnerability in Cisco HSRP

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.

2.1
2001-10-18 CVE-2001-0736 Immunix, University of Washington, Engardelinux, Mandrakesoft, Redhat Local Security vulnerability in Linux Mandrake

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.

2.1