Weekly Vulnerabilities Reports > December 17 to 23, 2001

Overview

30 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 36 products from 26 vendors including Microsoft, Redhat, Suse, Oracle, and D Link. Vulnerabilities are notably categorized as .

  • 22 reported vulnerabilities are remotely exploitable.
  • 30 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Webmin has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-21 CVE-2001-1440 IBM Authentication Module Unauthorized Access vulnerability in IBM AIX 5.1L

Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.

10.0
2001-12-21 CVE-2001-1220 D Link Unspecified vulnerability in D-Link Dwl-1000Ap 3.2.28483

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

10.0
2001-12-17 CVE-2001-1196 Webmin Directory Traversal vulnerability in Webmin 0.91

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

10.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-23 CVE-2001-1224 LES Vanbrunt SQL Injection vulnerability in LES Vanbrunt Adrotate PRO 2.0

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.

7.5
2001-12-21 CVE-2001-1216 Oracle Buffer Overflow vulnerability in Oracle Application Server 1.0.2

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

7.5
2001-12-21 CVE-2001-0871 Alchemy LAB, DEK Software Remote Command Execution vulnerability in Alchemy Eye

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a ..

7.5
2001-12-21 CVE-2001-0869 Caldera, Redhat, Suse

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

7.5
2001-12-20 CVE-2001-1215 Michael Baumer Unspecified vulnerability in Michael Baumer Pfinger 0.7.5/0.7.6/0.7.7

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

7.5
2001-12-20 CVE-2001-0876 Microsoft Buffer Overflow vulnerability in Microsoft UPnP NOTIFY

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.

7.5
2001-12-20 CVE-2001-0542 Microsoft Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf.

7.5
2001-12-19 CVE-2001-0889 University OF Cambridge, Redhat

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.

7.5
2001-12-17 CVE-2001-1199 Steve Kneizys Cross-Site Scripting vulnerability in Agora.CGI Debug Mode

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

7.5
2001-12-21 CVE-2001-0873 IAN Lance Taylor Unspecified vulnerability in IAN Lance Taylor Uucp 1.0.6

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

7.2
2001-12-21 CVE-2001-0872 Openbsd, Redhat, Suse

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

7.2
2001-12-17 CVE-2001-1201 Timecop Unspecified vulnerability in Timecop Wmcube GDK 0.98

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

7.2
2001-12-17 CVE-2001-1200 Microsoft Unspecified vulnerability in Microsoft Windows XP

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.

7.2

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-18 CVE-2001-1213 Datawizard Unspecified vulnerability in Datawizard Ftpxq 2.0/2.1

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.

6.4
2001-12-21 CVE-2001-0884 GNU Cross-Site Scripting vulnerability in GNU Mailman

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

5.1
2001-12-21 CVE-2001-1221 D Link Unspecified vulnerability in D-Link Dwl-1000Ap 3.2.28483

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.

5.0
2001-12-21 CVE-2001-1217 Oracle Directory Traversal vulnerability in Oracle Application Server 1.0.2

Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with ..

5.0
2001-12-21 CVE-2001-0888 Atmel, Linksys, Netgear Denial of Service vulnerability in Atmel SNMP public Community or Unknown OID

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

5.0
2001-12-21 CVE-2001-0870 Alchemy LAB, DEK Software Remote Network Log Viewing vulnerability in Alchemy

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

5.0
2001-12-20 CVE-2001-1219 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.

5.0
2001-12-20 CVE-2001-0879 Microsoft Unspecified vulnerability in Microsoft products

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

5.0
2001-12-20 CVE-2001-0877 Microsoft Denial of Service vulnerability in Microsoft Universal Plug and Play Simple Service Discovery Protocol

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

5.0
2001-12-18 CVE-2001-1212 Aktivate Cross-Site Scripting vulnerability in Aktivate 1.03

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

5.0
2001-12-21 CVE-2001-0886 Debian, Redhat

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

4.6
2001-12-21 CVE-1999-1174 Iomega Local Security vulnerability in Zip 100 Mb Drive

ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.

4.6
2001-12-17 CVE-2001-1448 Magic Local Security vulnerability in Edeveloper

Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.

4.6

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-20 CVE-2001-1218 Microsoft Denial of Service vulnerability in Microsoft IE 5.0

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

2.1