Weekly Vulnerabilities Reports > December 9 to 15, 2002
Overview
21 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 28 products from 18 vendors including Microsoft, Apple, SGI, HP, and SUN. Vulnerabilities are notably categorized as .
- 15 reported vulnerabilities are remotely exploitable.
- 21 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-11 | CVE-2002-1318 | Samba SGI HP | Buffer Overrun vulnerability in Samba Server Encrypted Password Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string. | 10.0 |
2002-12-11 | CVE-2002-1272 | Alcatel | Remote Access vulnerability in Alcatel AOS 5.1.1 Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. | 10.0 |
5 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-11 | CVE-2002-1336 | Tightvnc | Unspecified vulnerability in Tightvnc TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | 7.5 |
2002-12-11 | CVE-2002-1321 | Realnetworks | Unspecified vulnerability in Realnetworks Realone Player and Realplayer Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. | 7.5 |
2002-12-11 | CVE-2002-1317 | Xfree86 Project SGI HP SUN | Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | 7.5 |
2002-12-11 | CVE-2002-1254 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." | 7.5 |
2002-12-11 | CVE-2002-1183 | Microsoft | Unspecified vulnerability in Microsoft Windows 98, Windows 98Se and Windows NT Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | 7.5 |
12 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-11 | CVE-2002-1334 | Bizdesign | Cross-Site Scripting vulnerability in BizDesign ImageFolio Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi. | 6.8 |
2002-12-11 | CVE-2002-1187 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. | 6.8 |
2002-12-11 | CVE-2002-1188 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." | 6.4 |
2002-12-11 | CVE-2002-1322 | Rational Software | Denial Of Service vulnerability in Rational ClearCase Portscan Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. | 5.0 |
2002-12-11 | CVE-2002-1320 | University OF Washington | Unspecified vulnerability in University of Washington Pine Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | 5.0 |
2002-12-11 | CVE-2002-1267 | Apple | Denial-Of-Service vulnerability in Apple mac OS X 10.2.2 Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." | 5.0 |
2002-12-11 | CVE-2002-1186 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | 5.0 |
2002-12-11 | CVE-2002-1185 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | 5.0 |
2002-12-11 | CVE-2002-1323 | Safe PM SUN SGI Redhat SCO | Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. | 4.6 |
2002-12-11 | CVE-2002-1269 | Apple | Local Security vulnerability in Apple mac OS X 10.2.2 Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. | 4.6 |
2002-12-11 | CVE-2002-1268 | Apple | Local Security vulnerability in Apple mac OS X 10.2.2 Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." | 4.6 |
2002-12-11 | CVE-2002-1266 | Apple | Local Security vulnerability in Apple mac OS X 10.2.2 Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." | 4.6 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-11 | CVE-2002-1319 | Linux Trustix | Denial Of Service vulnerability in Linux Kernel 2.4 System Call TF Flag The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. | 2.1 |
2002-12-11 | CVE-2002-1270 | Apple | Local Security vulnerability in Apple mac OS X 10.2.2 Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. | 2.1 |