Weekly Vulnerabilities Reports > March 11 to 17, 2002

Overview

16 new vulnerabilities were reported during this period, including 1 critical vulnerability and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 31 products from 20 vendors including SUN, Microsoft, Redhat, IBM, and Suse. The vulnerabilities are notably categorized as "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Privilege Management".

  • 8 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary table columns (counts not captured in this copy): Total vulnerabilities | Critical risk vulnerabilities | High risk vulnerabilities | Medium risk vulnerabilities | Low risk vulnerabilities | Remotely exploitable | Locally exploitable | Exploit available | Exploitable anonymously | Affecting web application

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-03-15 | CVE-2002-0083 | Immunix, Mandrakesoft, Openbsd, Openpkg, Conectiva, Engardelinux, Redhat, Suse, Trustix | Numeric Errors vulnerability in multiple products | 10.0
  Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

9 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-03-15 | CVE-2002-0070 | Microsoft | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Microsoft products | 7.6
  Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
2002-03-15 | CVE-2002-0091 | Nswc | Remote Command Execution vulnerability in CIDER Shadow Analyzer | 7.5
  Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields.
2002-03-15 | CVE-2002-0082 | Apache SSL, MOD SSL | Buffer Overflow vulnerability in Apache mod_ssl/Apache-SSL | 7.5
  The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
2002-03-15 | CVE-2002-0059 | Zlib | Unspecified vulnerability in Zlib | 7.5
  The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
2002-03-15 | CVE-2002-0090 | SUN | Buffer Overflow vulnerability in SUN Solaris 8.0 | 7.2
  Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
2002-03-15 | CVE-2002-0089 | SUN | Local Buffer Overflow vulnerability in Solaris admintool | 7.2
  Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
2002-03-15 | CVE-2002-0088 | SUN | Unspecified vulnerability in SUN Solaris and Sunos | 7.2
  Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
2002-03-15 | CVE-2002-0086 | IBM | Buffer Overflow vulnerability in Lotus Domino Notes_ExecDirectory | 7.2
  Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
2002-03-15 | CVE-2002-0084 | SUN | Unspecified vulnerability in SUN Solaris and Sunos | 7.2
  Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

4 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-03-15 | CVE-2002-0092 | CVS | Denial Of Service vulnerability in CVS Server Global Variable | 5.0
  CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
2002-03-15 | CVE-2002-0085 | SUN | Denial of Service vulnerability in Solaris cachefsd | 5.0
  cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
2002-03-15 | CVE-2002-0058 | Microsoft, SUN | | 5.0
  Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
2002-03-15 | CVE-2002-0164 | Caldera | Unspecified vulnerability in Caldera Openlinux Server and Openlinux Workstation | 4.6
  Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-03-15 | CVE-2002-0087 | Lotus | Symbolic Link Attack vulnerability in Lotus Domino 5.0.7 | 2.1
  bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
2002-03-15 | CVE-2002-0080 | Samba, Redhat | Improper Privilege Management vulnerability in multiple products | 2.1
  rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.