Weekly Vulnerabilities Reports > November 4 to 10, 2002

Overview

13 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 29 products from 19 vendors including IBM, Debian, Apple, Microsoft, and Apache. Vulnerabilities are notably categorized as .

  • 10 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-11-04 | CVE-2002-1235 | KTH, MIT, Debian | Remote Buffer Overflow vulnerability in Multiple Vendor kadmind | 10.0

The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

1 High Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-11-04 | CVE-2002-1157 | MOD SSL | Cross-Site Scripting vulnerability in Mod_SSL Wildcard DNS | 7.5

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

9 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-11-04 | CVE-2002-1168 | IBM | Unspecified vulnerability in IBM Websphere Caching Proxy Server 3.6/4.0 | 6.8

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

2002-11-04 | CVE-2002-1167 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Edge Server 3.6/4.0 | 6.8

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.

2002-11-08 | CVE-2002-1585 | SUN | Denial Of Service vulnerability in Sun Solaris Network Interface | 5.0

Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.

2002-11-04 | CVE-2002-1232 | Debian, HP, Redhat | Remote Network Information Leakage vulnerability in YPServ | 5.0

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

2002-11-04 | CVE-2002-1209 | Solarwinds | Directory Traversal vulnerability in Solarwinds Tftp Server 5.0.55Standard | 5.0

Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.

2002-11-04 | CVE-2002-1169 | IBM | Denial Of Service vulnerability in IBM Websphere Caching Proxy | 5.0

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.

2002-11-04 | CVE-2002-0666 | Frees WAN, Apple, Freebsd, Netbsd, Global Technology Associates, NEC | Denial of Service vulnerability in Multiple Vendor IPSec Implementation | 5.0

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

2002-11-04 | CVE-2002-0386 | Oracle | Denial Of Service vulnerability in Oracle Application Server 9.0.2 | 5.0

The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.

2002-11-04 | CVE-2002-1230 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services | 4.6

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-11-04 | CVE-2002-1233 | Apache | Unspecified vulnerability in Apache Http Server | 2.6

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

2002-11-04 | CVE-2002-1231 | Caldera | Denial Of Service vulnerability in Caldera Openunix and Unixware | 2.1

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a denial of service via an rcp call on /proc.