Weekly Vulnerabilities Reports > February 25 to March 3, 2002
Overview
7 new vulnerabilities were reported during this period, including 1 critical vulnerability and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 15 products from 14 vendors, including Debian, Redhat, GNU, Suse, and Oracle. Vulnerabilities are notably categorized as follows:
- 4 reported vulnerabilities are remotely exploitable.
- 7 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 1 reported vulnerability.
- Andrew Tridgell has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-27 | CVE-2002-0048 | Andrew Tridgell | Remote Code Execution vulnerability in rsync Signed Array Index. Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. | 10.0 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-27 | CVE-2002-0028 | Mirabilis | Remote Buffer Overflow vulnerability in Mirabilis ICQ. Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | 7.5 |
2002-02-27 | CVE-2002-0003 | GNU | Buffer Overflow vulnerability in Groff Pre-Processor. Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. | 7.5 |
2002-02-27 | CVE-2002-0001 | Mutt | Buffer Overflow vulnerability in Mutt Address Handling. Vulnerability in the RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list. | 7.5 |
2002-02-27 | CVE-2002-0004 | Caldera, Debian, FreeBSD, Mandrakesoft, NetBSD, Redhat, Slackware, Suse | Heap Overflow vulnerability in AT Maliciously Formatted Time. Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | 7.2 |
2 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-02-26 | CVE-2002-1637 | Oracle | Local Security vulnerability in Oracle 9i Application Server. Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | 4.6 |
2002-02-26 | CVE-2001-1465 | Surfcontrol | Local Security vulnerability in SurfControl SuperScout. SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. | 4.6 |
0 Low Vulnerabilities
No low severity vulnerabilities were reported during this period.