Weekly Vulnerabilities Reports > August 12 to 18, 2002
Overview
5 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 13 products from 8 vendors including Microsoft, Freebsd, Openbsd, Blackberry, and Symantec. Vulnerabilities are notably categorized as "Off-by-one Error", "Integer Overflow or Wraparound", "Incomplete Cleanup", "Link Following", and "Improper Handling of Case Sensitivity".
- 2 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 1 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2002-08-12 | CVE-2002-0391 | Openbsd SUN Freebsd Microsoft | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | 9.8 |
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2002-08-12 | CVE-2002-0844 | Distrotech | Off-by-one Error vulnerability in Distrotech CVS Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | 7.8 |
| 2002-08-12 | CVE-2002-0485 | Symantec | Improper Handling of Case Sensitivity vulnerability in Symantec Norton Antivirus Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | 7.5 |
2 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2002-08-12 | CVE-2002-0793 | Blackberry | Link Following vulnerability in Blackberry QNX Neutrino Real-Time Operating System 4.25 Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | 5.5 |
| 2002-08-12 | CVE-2002-0788 | PGP | Incomplete Cleanup vulnerability in PGP Corporate Desktop, Freeware and Personal Security An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. | 5.5 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|