Weekly Vulnerabilities Report: December 10 to 16, 2001

Overview

18 new vulnerabilities were reported during this period, including 1 critical vulnerability and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 23 products from 17 vendors including Microsoft, IBM, HP, FreeBSD, and Citrix. Vulnerabilities are notably categorized as .

  • 12 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2001-12-12 | CVE-2001-0797 | SGI, HP, IBM, SCO, SUN | Buffer Overflow vulnerability in Multiple Vendor System V Derived 'login' | 10.0

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

7 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2001-12-15 | CVE-2001-1214 | Marcus S Xenakis | Unspecified vulnerability in Marcus S. Xenakis Unix Manual 1.0 | 7.5

manual.php in Marcus S.

2001-12-15 | CVE-2001-1195 | Novell | Authentication vulnerability in Novell Groupwise Servlet Gateway Default | 7.5

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

2001-12-14 | CVE-2001-0727 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 | 7.5

Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."

2001-12-13 | CVE-2001-1192 | Citrix | Unspecified vulnerability in Citrix ICA Client 6.1 | 7.5

Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.

2001-12-11 | CVE-2001-1188 | Brian Dorricott | Unspecified vulnerability in Brian Dorricott Mailto 1.0.7/1.0.8/1.0.9 | 7.5

mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.

2001-12-11 | CVE-2001-1187 | Mutasem Abudahab | Remote Arbitrary Command Execution vulnerability in Mutasem Abudahab Csvform and Csvform Plus | 7.5

csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.

2001-12-15 | CVE-2001-1198 | HP | Unspecified vulnerability in HP Hp-Ux | 7.2

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

9 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2001-12-10 | CVE-2001-1185 | Freebsd | Unspecified vulnerability in Freebsd 4.4 | 6.2

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

2001-12-14 | CVE-2001-1194 | Zyxel | Remote Denial Of Service vulnerability in Zyxel Prestige 1600 and Prestige 681 | 5.0

Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.

2001-12-13 | CVE-2001-1193 | Khamil Landross AND Zack Jones | Directory Traversal vulnerability in Khamil Landross and Zack Jones Eftp 2.0.8.346 | 5.0

Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ...

2001-12-13 | CVE-2001-0874 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 | 5.0

Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.

2001-12-11 | CVE-2001-1191 | IBM | Denial Of Service vulnerability in IBM Tivoli Secureway Policy Director 3.8 | 5.0

WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.

2001-12-11 | CVE-2001-1186 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 5.0 | 5.0

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

2001-12-14 | CVE-2001-1197 | KDE | Unspecified vulnerability in KDE Kdeutils 2.2/2.2.2 | 4.6

klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.

2001-12-13 | CVE-2001-1189 | IBM | Unspecified vulnerability in IBM Websphere Application Server | 4.6

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

2001-12-12 | CVE-2001-1190 | Mandrakesoft | Unspecified vulnerability in Mandrakesoft Mandrake Linux 8.1 | 4.6

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

1 Low Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2001-12-11 | CVE-2001-0890 | Sane | Unspecified vulnerability in Sane | 2.1

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files.