Weekly Vulnerabilities Reports > October 28 to November 3, 2002
Overview
34 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 43 products from 26 vendors including Microsoft, Mozilla, SUN, IBM, and Cisco. The most common categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".
- 31 reported vulnerabilities are remotely exploitable.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 4 reported vulnerabilities.
- KTH has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-10-28 | CVE-2002-1226 | KTH | Unspecified vulnerability in KTH Heimdal Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). | 10.0 |
2002-10-28 | CVE-2002-1225 | KTH | Unspecified vulnerability in KTH Heimdal Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | 10.0 |
2002-10-28 | CVE-2002-1215 | Linux HA | Remote Buffer Overflow vulnerability in Linux-Ha Heartbeat 0.4.9 Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources). | 10.0 |
2002-10-28 | CVE-2002-1145 | Microsoft | Privilege Escalation vulnerability in Microsoft Data Engine and SQL Server The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | 10.0 |
16 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-10-28 | CVE-2002-1229 | Avaya | Unspecified vulnerability in Avaya products Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. | 7.5 |
2002-10-28 | CVE-2002-1227 | PAM | Authentication Bypass vulnerability in PAM 0.76 PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | 7.5 |
2002-10-28 | CVE-2002-1223 | KDE | Denial-Of-Service vulnerability in KDE 1.1/3.0.3A Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | 7.5 |
2002-10-28 | CVE-2002-1217 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | 7.5 |
2002-10-28 | CVE-2002-1214 | Microsoft | Buffer Overflow vulnerability in Microsoft products Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data. | 7.5 |
2002-10-28 | CVE-2002-1202 | Compaq | Remote Route Daemon vulnerability in HP Tru64 Unspecified Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files. | 7.5 |
2002-10-28 | CVE-2002-1200 | Oneidentity | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oneidentity Syslog-Ng Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
2002-10-28 | CVE-2002-1198 | Mozilla | SQL Injection vulnerability in Bugzilla Account Creation Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | 7.5 |
2002-10-28 | CVE-2002-1197 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | 7.5 |
2002-10-28 | CVE-2002-1196 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | 7.5 |
2002-10-28 | CVE-2002-1194 | Netbsd | Buffer Overflow vulnerability in NetBSD talkd Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | 7.5 |
2002-10-28 | CVE-2002-1190 | Cisco | Remote Security vulnerability in Unity Server Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. | 7.5 |
2002-10-28 | CVE-2002-1179 | Microsoft | Buffer Overflow vulnerability in Microsoft Outlook Express S/MIME Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. | 7.5 |
2002-10-28 | CVE-2002-0836 | HP Mandrakesoft Redhat | dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | 7.5 |
2002-10-29 | CVE-2002-1590 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris and Sunos The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | 7.2 |
2002-10-28 | CVE-2002-1222 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Catos Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. | 7.1 |
13 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-10-28 | CVE-2002-1228 | SUN | Remote Denial of Service vulnerability in Solaris NFS lockd Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon. | 5.0 |
2002-10-28 | CVE-2002-1224 | KDE | Unspecified vulnerability in KDE Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | 5.0 |
2002-10-28 | CVE-2002-1216 | GNU | Remote Security vulnerability in tar GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | 5.0 |
2002-10-28 | CVE-2002-1213 | Radiobird Software | Directory Traversal vulnerability in Radiobird Software Webserver 4 ALL 1.23/1.27 Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. | 5.0 |
2002-10-28 | CVE-2002-1212 | Radiobird Software | Buffer Overflow vulnerability in Radiobird Software Webserver 4 ALL 1.23/1.27 Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | 5.0 |
2002-10-28 | CVE-2002-1203 | IBM | Resource Management Errors vulnerability in IBM Secureway Firewall 4.2/4.2.1 IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. | 5.0 |
2002-10-28 | CVE-2002-1201 | IBM | Remote Empty TCP Flag Flood Denial Of Service vulnerability in IBM AIX 4.3.3/5 IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. | 5.0 |
2002-10-28 | CVE-2002-1199 | Caldera SCO SUN | Local File Disclosure vulnerability in ypxfrd The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. | 5.0 |
2002-10-28 | CVE-2002-1191 | Sabre | Denial Of Service vulnerability in Sabre Desktop Reservation Software Client The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001. | 5.0 |
2002-10-28 | CVE-2002-1118 | Oracle | Remote Denial Of Service vulnerability in Oracle TNS Listener Service_CurLoad TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | 5.0 |
2002-10-28 | CVE-2002-0990 | Symantec | Denial of Service vulnerability in Multiple Symantec HTTP Proxy The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. | 5.0 |
2002-10-28 | CVE-2002-1192 | Rogue Netbsd | Local Buffer Overflow vulnerability in Rogue Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. | 4.6 |
2002-10-28 | CVE-2002-1195 | Gabriele Bartolini | Unspecified vulnerability in Gabriele Bartolini HT Check 1.1 Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-10-28 | CVE-2002-1193 | Tkmail | Unspecified vulnerability in Tkmail tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files. | 2.1 |