Weekly Vulnerabilities Reports > April 1 to 7, 2002

Overview

13 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 15 products from 11 vendors including Microsoft, Oracle, IBM, Broadcom, and Checkpoint. Vulnerabilities are notably categorized as and "Improper Locking".

  • 5 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-04-04 CVE-2002-0051 Microsoft Improper Locking vulnerability in Microsoft Windows 2000

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

7.8
2002-04-03 CVE-2002-0017 SGI Buffer Overflow vulnerability in IRIX SNMP Daemon

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

7.5
2002-04-01 CVE-2002-1639 Oracle Unspecified vulnerability in Oracle Configurator

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

7.5
2002-04-01 CVE-2001-1174 ELM Development Group Unspecified vulnerability in ELM Development Group ELM

Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.

7.5
2002-04-04 CVE-2002-0151 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

7.2
2002-04-03 CVE-2002-0165 Logwatch Local Security vulnerability in Logwatch 2.5

LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.

7.2
2002-04-02 CVE-2002-0158 SUN Heap Overflow vulnerability in Sun Solaris XSun Color Database File

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

7.2
2002-04-01 CVE-2001-1175 Andries Brouwer Unspecified vulnerability in Andries Brouwer Util-Linux 2.10S/2.11D

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.

7.2
2002-04-01 CVE-2001-1171 Checkpoint Local Security vulnerability in Checkpoint Firewall-1 3.0B

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.

7.2

4 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-04-01 CVE-2002-1640 Oracle Unspecified vulnerability in Oracle Configurator

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

6.8
2002-04-01 CVE-2002-1620 IBM Remote Security vulnerability in IBM AIX Parallel Systems Support Programs 3.1.1/3.2/3.4

Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection.

5.0
2002-04-05 CVE-2002-1598 Broadcom Unspecified vulnerability in Broadcom Mlink 6.5

Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.

4.6
2002-04-01 CVE-2001-1165 Intego Weak Password Encryption vulnerability in Intego FileGuard

Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS