Weekly Vulnerabilities Reports > November 4 to 10, 2002
13 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 29 products from 19 vendors including IBM, Debian, Apache, Microsoft, and Redhat. Vulnerabilities are notably categorized as .
- 10 reported vulnerabilities are remotely exploitable.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
|2002-11-04||CVE-2002-1235||KTH|| Remote Buffer Overflow vulnerability in Multiple Vendor kadmind |
The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
1 High Vulnerability
|2002-11-04||CVE-2002-1157||MOD SSL|| Cross-Site Scripting vulnerability in Mod_SSL Wildcard DNS |
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9 Medium Vulnerabilities
|2002-11-04||CVE-2002-1168||IBM|| Unspecified vulnerability in IBM Websphere Caching Proxy Server 3.6/4.0 |
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 188.8.131.52 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
|2002-11-04||CVE-2002-1167||IBM|| Cross-Site Scripting vulnerability in IBM Websphere Edge Server 3.6/4.0 |
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 184.108.40.206 allows remote attackers to execute script as other users via an HTTP GET request.
|2002-11-08||CVE-2002-1585||SUN|| Denial Of Service vulnerability in Sun Solaris Network Interface |
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
|2002-11-04||CVE-2002-1232||Debian|| Remote Network Information Leakage vulnerability in YPServ |
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
|2002-11-04||CVE-2002-1209||Solarwinds|| Directory Traversal vulnerability in Solarwinds Tftp Server 5.0.55 Standard |
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
|2002-11-04||CVE-2002-1169||IBM|| Denial Of Service vulnerability in IBM Websphere Caching Proxy |
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 220.127.116.11 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
|2002-11-04||CVE-2002-0666||Frees WAN, Global Technology Associates|| Denial of Service vulnerability in Multiple Vendor IPSec Implementation |
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
|2002-11-04||CVE-2002-0386||Oracle|| Denial Of Service vulnerability in Oracle Application Server 9.0.2 |
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
|2002-11-04||CVE-2002-1230||Microsoft|| Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services |
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
2 Low Vulnerabilities
|2002-11-04||CVE-2002-1233||Apache|| Unspecified vulnerability in Apache Http Server |
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
|2002-11-04||CVE-2002-1231||Caldera|| Denial Of Service vulnerability in Caldera Openunix and Unixware |
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a denial of service via an rcp call on /proc.