Weekly Vulnerabilities Reports > October 15 to 21, 2001
Overview
65 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 50 vendors including Cisco, Steve Poulsen, Debian, Trend Micro, and Internet Software Solutions. Vulnerabilities are notably categorized as "Improper Handling of Case Sensitivity", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Improper Input Validation".
- 46 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 65 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-10-18 | CVE-2001-0789 | Kaspersky | Denial-Of-Service vulnerability in Kaspersky Anti-Virus 3.5.132.2 Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message. | 10.0 |
2001-10-18 | CVE-2001-0746 | Iplanet | Remote Buffer Overflow vulnerability in iPlanet Web Publisher Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. | 10.0 |
2001-10-18 | CVE-2001-0766 | Apache | Improper Handling of Case Sensitivity vulnerability in Apache Http Server 1.3.14 Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | 9.8 |
25 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-10-18 | CVE-2001-1380 | Openbsd | Unspecified vulnerability in Openbsd Openssh OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | 7.5 |
2001-10-18 | CVE-2001-0795 | Cmfperception | Improper Handling of Case Sensitivity vulnerability in Cmfperception Liteserve 1.25 Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. | 7.5 |
2001-10-18 | CVE-2001-0792 | Xchat | Remote Security vulnerability in Xchat 1.2.X Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. | 7.5 |
2001-10-18 | CVE-2001-0775 | XLI Xloadimage | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. | 7.5 |
2001-10-18 | CVE-2001-0771 | Spytech WEB | Permissions, Privileges, and Access Controls vulnerability in Spytech-Web Spyanywhere 1.50 Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. | 7.5 |
2001-10-18 | CVE-2001-0770 | Steve Poulsen | Unspecified vulnerability in Steve Poulsen Guildftpd 0.97 Buffer overflow in GuildFTPd Server 0.97 allows remote attackers to execute arbitrary code via a long SITE command. | 7.5 |
2001-10-18 | CVE-2001-0763 | Debian Suse | Buffer Overflow vulnerability in Xinetd Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. | 7.5 |
2001-10-18 | CVE-2001-0761 | Trend Micro | Buffer Overflow vulnerability in Trend Micro Interscan Webmanager 1.2 Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. | 7.5 |
2001-10-18 | CVE-2001-0758 | Evolvable Corporation | Directory Traversal vulnerability in Evolvable Corporation Shambala Server 4.5 Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. | 7.5 |
2001-10-18 | CVE-2001-0757 | Cisco | Unspecified vulnerability in Cisco 6400 NRP 2 12.1Dc Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. | 7.5 |
2001-10-18 | CVE-2001-0756 | Virtualcart | Remote Security vulnerability in Virtualcatalog CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. | 7.5 |
2001-10-18 | CVE-2001-0755 | Debian | Denial-Of-Service vulnerability in Debian Linux 6.2 Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. | 7.5 |
2001-10-18 | CVE-2001-0753 | Cisco | Remote Security vulnerability in CBOS Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | 7.5 |
2001-10-18 | CVE-2001-0751 | Cisco | Remote Security vulnerability in CBOS Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. | 7.5 |
2001-10-18 | CVE-2001-0747 | Iplanet | Unspecified vulnerability in Iplanet web Server 4.1 Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request. | 7.5 |
2001-10-18 | CVE-2001-0742 | Computalynx | Remote Security vulnerability in Computalynx Cmail 2.4.9 Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command. | 7.5 |
2001-10-18 | CVE-2001-0733 | Ralf S Engelschall | Unspecified vulnerability in Ralf S. Engelschall Eperl The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code. | 7.5 |
2001-10-18 | CVE-2001-1384 | Linux | Unspecified vulnerability in Linux Kernel ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp. | 7.2 |
2001-10-18 | CVE-2001-0782 | KDE | Local Security vulnerability in Ktv KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | 7.2 |
2001-10-18 | CVE-2001-0764 | Juergen Schoenwaelder | Buffer Overflow vulnerability in Juergen Schoenwaelder scotty ntping Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument. | 7.2 |
2001-10-18 | CVE-2001-0759 | Jetico | Buffer Overflow vulnerability in Jetico Bestcrypt 0.6/0.7/0.8.1 Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. | 7.2 |
2001-10-18 | CVE-2001-0739 | Engardelinux | Denial-Of-Service vulnerability in Engardelinux Secure Linux 1.0.1 Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. | 7.2 |
2001-10-18 | CVE-2001-0734 | Netbsd | Unspecified vulnerability in Netbsd 1.4.1/1.5 Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine. | 7.2 |
2001-10-17 | CVE-2001-1447 | Apple | Privilege Escalation vulnerability in MacOS X NetInfo Manager NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | 7.2 |
2001-10-16 | CVE-2001-1015 | Snes9X COM | Local Buffer Overflow vulnerability in Snes9X.Com Snes9X 1.3.4/1.3.7 Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument. | 7.2 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-10-18 | CVE-2001-0905 | Procmail | Unspecified vulnerability in Procmail 3.12/3.20 Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running. | 6.2 |
2001-10-18 | CVE-2001-0794 | A FTP | Denial-Of-Service vulnerability in Anonymous Ftp Server Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. | 5.0 |
2001-10-18 | CVE-2001-0791 | Trend Micro | Denial-Of-Service vulnerability in Interscan Viruswall (HP-UX) Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. | 5.0 |
2001-10-18 | CVE-2001-0790 | Specter | Denial-Of-Service vulnerability in Specter IDS 4.5/5.0 Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. | 5.0 |
2001-10-18 | CVE-2001-0788 | Internet Software Solutions | Path Disclosure vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2 Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. | 5.0 |
2001-10-18 | CVE-2001-0786 | Internet Software Solutions | Unspecified vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2 Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file. | 5.0 |
2001-10-18 | CVE-2001-0785 | Internet Software Solutions | Directory Traversal vulnerability in Internet Software Solutions AIR Messenger LAN Server 3.4.2 Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2001-10-18 | CVE-2001-0784 | Icecast | Directory Traversal vulnerability in Icecast Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. | 5.0 |
2001-10-18 | CVE-2001-0783 | Cisco | Directory Traversal vulnerability in Cisco Tftp Server 1.1 Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. | 5.0 |
2001-10-18 | CVE-2001-0780 | Cosmicperl | Path Traversal vulnerability in Cosmicperl Directory PRO 2.0 Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. | 5.0 |
2001-10-18 | CVE-2001-0778 | Omnicron | Remote Security vulnerability in OmniHTTPD OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). | 5.0 |
2001-10-18 | CVE-2001-0777 | Omnicron | Denial of Service vulnerability in Omnicron OmniHTTPD PHP Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. | 5.0 |
2001-10-18 | CVE-2001-0776 | Dynfx | Denial of Service vulnerability in Dynfx Mailserver 2.10 Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. | 5.0 |
2001-10-18 | CVE-2001-0773 | Cayman | Denial of Service vulnerability in Cayman 3220-H DSL Router 1.0 Cayman 3220-H DSL Router 1.0 allows remote attackers to cause a denial of service (crash) via a series of SYN or TCP connect requests. | 5.0 |
2001-10-18 | CVE-2001-0769 | Steve Poulsen | Unspecified vulnerability in Steve Poulsen Guildftpd 0.97 Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. | 5.0 |
2001-10-18 | CVE-2001-0767 | Steve Poulsen | Directory Traversal vulnerability in Steve Poulsen Guildftpd 0.9.7 Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. | 5.0 |
2001-10-18 | CVE-2001-0760 | Citrix | Unspecified vulnerability in Citrix Nfuse 1.51 Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | 5.0 |
2001-10-18 | CVE-2001-0754 | Cisco | Denial-Of-Service vulnerability in CBOS Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. | 5.0 |
2001-10-18 | CVE-2001-0752 | Cisco | Denial-Of-Service vulnerability in CBOS Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. | 5.0 |
2001-10-18 | CVE-2001-0750 | Cisco | Unspecified vulnerability in Cisco IOS 12.1(2)T/12.1(3)T Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. | 5.0 |
2001-10-18 | CVE-2001-0748 | Acme Labs | Improper Input Validation vulnerability in Acme Labs Acme Server 1.7 Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. | 5.0 |
2001-10-18 | CVE-2001-0745 | Netscape | Unspecified vulnerability in Netscape Messanger 4.7X Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. | 5.0 |
2001-10-18 | CVE-2001-0743 | Oreilly | Unspecified vulnerability in Oreilly Webboard 4.10.30 Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands. | 5.0 |
2001-10-18 | CVE-2001-0740 | 3Com | Denial of Service vulnerability in 3Com 3C840-Us and 3Cp4144 3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability. | 5.0 |
2001-10-18 | CVE-2001-0738 | Immunix Debian | Denial-Of-Service vulnerability in Immunix LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages. | 5.0 |
2001-10-15 | CVE-2001-1458 | Novell | Unspecified vulnerability in Novell Groupwise 5.5/6.0 Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | 5.0 |
2001-10-15 | CVE-2001-1151 | Trend Micro | Information Disclosure vulnerability in Virus Buster Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | 5.0 |
2001-10-18 | CVE-2001-0787 | Redhat | Unspecified vulnerability in Redhat Linux 7.0/7.1 LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. | 4.6 |
2001-10-18 | CVE-2001-0774 | Tripwire | Symbolic Link vulnerability in Tripwire 1.3.1/2.2.1/2.3.0 Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files. | 4.6 |
2001-10-18 | CVE-2001-0772 | HP | Denial-Of-Service vulnerability in HP-UX Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | 4.6 |
2001-10-18 | CVE-2001-0768 | Steve Poulsen | Unspecified vulnerability in Steve Poulsen Guildftpd 0.9.7 GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | 4.6 |
2001-10-18 | CVE-2001-0765 | Bisonware | Directory Traversal vulnerability in Bisonware Bison FTP Server V4R1 BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories. | 4.6 |
2001-10-18 | CVE-2001-0762 | SU Wrapper | Unspecified vulnerability in Su-Wrapper 1.1.1 Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument. | 4.6 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-10-18 | CVE-2001-0907 | Linux | Denial of Service vulnerability in Linux Deep Symbolic Link Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link. | 2.1 |
2001-10-18 | CVE-2001-0744 | Horde | Local Security vulnerability in IMP Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | 2.1 |
2001-10-18 | CVE-2001-0741 | Cisco | Denial of Service vulnerability in Cisco HSRP Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. | 2.1 |
2001-10-18 | CVE-2001-0736 | Immunix University OF Washington Engardelinux Mandrakesoft Redhat | Local Security vulnerability in Linux Mandrake Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |