Weekly Vulnerabilities Reports > December 9 to 15, 2002

Overview

22 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 29 products from 19 vendors including Microsoft, Apple, SGI, HP, and SUN. Vulnerabilities are notably categorized as .

  • 16 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-11 CVE-2002-1318 Samba
SGI
HP
Buffer Overrun vulnerability in Samba Server Encrypted Password

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

10.0
2002-12-11 CVE-2002-1272 Alcatel Remote Access vulnerability in Alcatel AOS 5.1.1

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

10.0

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-11 CVE-2002-1336 Tightvnc Unspecified vulnerability in Tightvnc

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

7.5
2002-12-11 CVE-2002-1321 Realnetworks Unspecified vulnerability in Realnetworks Realone Player and Realplayer

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g.

7.5
2002-12-11 CVE-2002-1317 Xfree86 Project
SGI
HP
SUN
Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

7.5
2002-12-11 CVE-2002-1254 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

7.5
2002-12-11 CVE-2002-1183 Microsoft Unspecified vulnerability in Microsoft Windows 98, Windows 98Se and Windows NT

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

7.5

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-11 CVE-2002-1334 Bizdesign Cross-Site Scripting vulnerability in BizDesign ImageFolio

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.

6.8
2002-12-11 CVE-2002-1187 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

6.8
2002-12-11 CVE-2002-1188 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

6.4
2002-12-11 CVE-2002-1322 Rational Software Denial Of Service vulnerability in Rational ClearCase Portscan

Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g.

5.0
2002-12-11 CVE-2002-1320 University OF Washington Unspecified vulnerability in University of Washington Pine

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

5.0
2002-12-11 CVE-2002-1267 Apple Denial-Of-Service vulnerability in Apple mac OS X 10.2.2

Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

5.0
2002-12-11 CVE-2002-1186 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

5.0
2002-12-11 CVE-2002-1185 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

5.0
2002-12-11 CVE-2002-1323 Safe PM
SUN
SGI
Redhat
SCO
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
4.6
2002-12-11 CVE-2002-1269 Apple Local Security vulnerability in Apple mac OS X 10.2.2

Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.

4.6
2002-12-11 CVE-2002-1268 Apple Local Security vulnerability in Apple mac OS X 10.2.2

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

4.6
2002-12-11 CVE-2002-1266 Apple Local Security vulnerability in Apple mac OS X 10.2.2

Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

4.6
2002-12-11 CVE-2002-1335 W3M Cross-Site Scripting vulnerability in W3M 0.3.2

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-11 CVE-2002-1319 Linux
Trustix
Denial Of Service vulnerability in Linux Kernel 2.4 System Call TF Flag

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

2.1
2002-12-11 CVE-2002-1270 Apple Local Security vulnerability in Apple mac OS X 10.2.2

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

2.1