Weekly Vulnerabilities Reports > October 29 to November 4, 2001

Overview

23 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 23 products from 12 vendors including Microsoft, Sendmail, Apache, Cisco, and Progress. Vulnerabilities are notably categorized as and "Resource Exhaustion".

  • 15 reported vulnerabilities are remotely exploitables.
  • 23 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Tooltalk has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-30 CVE-2001-0717 Tooltalk Unspecified vulnerability in Tooltalk Database Server

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.

10.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-30 CVE-2001-0718 Microsoft Unspecified vulnerability in Microsoft Excel and Powerpoint

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.

7.5
2001-10-30 CVE-2001-0712 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.0.1/5.5

The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.

7.5
2001-10-30 CVE-2001-0669 Cisco
ISS
Snort
Enterasys
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
7.5
2001-10-30 CVE-2001-0667 Microsoft Remote Security vulnerability in Internet Explorer for Unix

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.

7.5
2001-10-30 CVE-2001-0665 Microsoft Unspecified vulnerability in Microsoft IE

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."

7.5
2001-10-30 CVE-2001-0664 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."

7.5
2001-10-30 CVE-2001-0535 Macromedia Unspecified vulnerability in Macromedia Coldfusion Server 4.X

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

7.5
2001-11-02 CVE-2001-1129 Progress Unspecified vulnerability in Progress 9.1C

Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.

7.2
2001-10-30 CVE-2001-0652 SUN Heap Overflow vulnerability in Solaris xlock

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

7.2

9 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-30 CVE-2001-0730 Apache Unspecified vulnerability in Apache Http Server 1.3.20

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.

5.0
2001-10-30 CVE-2001-0729 Apache Unspecified vulnerability in Apache Http Server 1.3.20

Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.

5.0
2001-10-30 CVE-2001-0662 Microsoft Denial of Service vulnerability in Microsoft Windows NT 4.0

RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.

5.0
2001-10-30 CVE-2001-0660 Microsoft Unspecified vulnerability in Microsoft Exchange Server 4.0/5.5

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).

5.0
2001-10-30 CVE-2001-0545 Microsoft Unspecified vulnerability in Microsoft Internet Information Server 4.0

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

5.0
2001-10-30 CVE-2001-0540 Microsoft Unspecified vulnerability in Microsoft Terminal Server

Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.

5.0
2001-10-30 CVE-2001-0505 Microsoft Unspecified vulnerability in Microsoft Services 2.0

Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.

5.0
2001-10-30 CVE-2001-0728 Compaq Buffer Overflow vulnerability in Compaq Management Agents

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.

4.6
2001-10-30 CVE-2001-0713 Sendmail Unspecified vulnerability in Sendmail

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

4.6

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-10-30 CVE-2001-0715 Sendmail Unspecified vulnerability in Sendmail

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.

2.1
2001-10-30 CVE-2001-0714 Sendmail Unspecified vulnerability in Sendmail

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.

2.1
2001-10-30 CVE-2001-0666 Microsoft Resource Exhaustion vulnerability in Microsoft Exchange Server 2000

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.

2.1
2001-10-30 CVE-2001-0544 Microsoft Denial of Service vulnerability in Microsoft Internet Information Services 5.0

IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

2.1