Weekly Vulnerabilities Reports > March 4 to 10, 2002
Overview
26 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 31 products from 19 vendors including Microsoft, Redhat, Squid, GNU, and Freeradius. Vulnerabilities are notably categorized as "Incorrect Resource Transfer Between Spheres", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Privilege Management", and "Authentication Bypass by Capture-replay".
- 26 reported vulnerabilities are remotely exploitables.
- 26 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 17 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-03-08 | CVE-2002-0018 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | 10.0 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-03-08 | CVE-2002-0081 | PHP | Buffer Overflow vulnerability in PHP Post File Upload Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | 7.5 |
2002-03-08 | CVE-2002-0068 | Squid Redhat | Buffer Overflow vulnerability in Squid Cache FTP Proxy URL Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | 7.5 |
2002-03-08 | CVE-2002-0067 | Squid Redhat | Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. | 7.5 |
2002-03-08 | CVE-2002-0063 | Easy Software Products | Buffer Overflow vulnerability in Common Unix Printing System Attribute Name Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values. | 7.5 |
2002-03-08 | CVE-2002-0060 | Linux | Unspecified vulnerability in Linux Kernel 2.3.99/2.4.18 IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. | 7.5 |
2002-03-08 | CVE-2002-0056 | Microsoft | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |
2002-03-08 | CVE-2002-0054 | Microsoft | Authentication Bypass BY Capture-Replay vulnerability in Microsoft Exchange Server and Windows 2000 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | 7.5 |
2002-03-08 | CVE-2002-0053 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. | 7.5 |
2002-03-08 | CVE-2002-0050 | Microsoft | Buffer Overflow vulnerability in Microsoft Commerce Server 2000 Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. | 7.5 |
2002-03-08 | CVE-2002-0027 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | 7.5 |
2002-03-08 | CVE-2002-0026 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | 7.5 |
2002-03-08 | CVE-2002-0024 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. | 7.5 |
2002-03-08 | CVE-2002-0022 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | 7.5 |
2002-03-08 | CVE-2002-0020 | Microsoft | Buffer Overflow vulnerability in Microsoft Telnet Server Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | 7.5 |
2002-03-04 | CVE-2001-1376 | Ascend Freeradius GNU Icradius Livingston Lucent Miquel VAN Smoorenburg Cistron Openradius Radiusclient Xtradius Yard Radius Yard Radius Project | Buffer Overflow vulnerability in Multiple Vendor RADIUS Digest Calculation Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. | 7.5 |
9 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-03-08 | CVE-2002-0049 | Microsoft | Improper Privilege Management vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | 6.4 |
2002-03-08 | CVE-2002-1619 | IBM | Denial-Of-Service vulnerability in AIX Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump). | 5.0 |
2002-03-08 | CVE-2002-0057 | Microsoft | Unspecified vulnerability in Microsoft products XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | 5.0 |
2002-03-08 | CVE-2002-0055 | Microsoft | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft Exchange Server, Windows 2000 and Windows XP SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | 5.0 |
2002-03-08 | CVE-2002-0052 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. | 5.0 |
2002-03-08 | CVE-2002-0025 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. | 5.0 |
2002-03-08 | CVE-2002-0023 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | 5.0 |
2002-03-08 | CVE-2002-0021 | Microsoft | Denial of Service vulnerability in Microsoft Office V.X Network Product Identification (PID) Checker in Microsoft Office v. | 5.0 |
2002-03-04 | CVE-2001-1377 | Freeradius GNU Icradius Livingston Lucent Miquel VAN Smoorenburg Cistron Openradius Radiusclient Xtradius Yard Radius Yard Radius Project | Denial Of Service vulnerability in Multiple Vendor Radius Short Vendor-Length Field Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. | 5.0 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-03-08 | CVE-2002-0069 | Squid Redhat | Denial of Service vulnerability in Squid Cache SNMP Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service. | 2.6 |