Weekly Vulnerabilities Reports > January 13 to 19, 2003

Overview

21 new vulnerabilities were reported during this period, including 1 critical vulnerability and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 17 products from 16 vendors including Postgresql, Mozilla, Mcrypt, Gert Doering, and Apache. The most common categories are "Information Exposure" and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 15 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities are exploitable by an anonymous user.
  • Postgresql has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Postgresql has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary table columns: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

1 Critical Vulnerabilities

DATE  CVE  VENDOR  VULNERABILITY  CVSS

2003-01-17  CVE-2002-1399  Postgresql  Remote Security vulnerability in PostgreSQL  CVSS 10.0
  Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).

11 High Vulnerabilities

DATE  CVE  VENDOR  VULNERABILITY  CVSS

2003-01-17  CVE-2003-0031  Mcrypt  Buffer Overrun vulnerability in Libmcrypt  CVSS 7.5
  Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).

2003-01-17  CVE-2003-0026  ISC  Remote Buffer Overflow vulnerability in ISC DHCPD NSUPDATE MiniRes Library  CVSS 7.5
  Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

2003-01-17  CVE-2003-0025  Horde  SQL Injection vulnerability in Horde IMP Database Files  CVSS 7.5
  Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

2003-01-17  CVE-2003-0013  Mozilla  LocalConfig Backup File Disclosure vulnerability in Bugzilla  CVSS 7.5
  The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

2003-01-17  CVE-2002-1400  Postgresql  Unspecified vulnerability in Postgresql  CVSS 7.5
  Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

2003-01-17  CVE-2002-1397  Postgresql  Buffer Overflow vulnerability in PostgreSQL cash_words Function  CVSS 7.5
  Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.

2003-01-17  CVE-2002-1396  PHP  Unspecified vulnerability in PHP  CVSS 7.5
  Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

2003-01-17  CVE-2002-1394  Apache  Unspecified vulnerability in Apache Tomcat  CVSS 7.5
  Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

2003-01-17  CVE-2002-1393  KDE  Unspecified vulnerability in KDE  CVSS 7.5
  Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

2003-01-17  CVE-2002-1391  Gert Doering  Buffer Overrun vulnerability in MGetty Caller ID Excessive Name Length  CVSS 7.5
  Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

2003-01-17  CVE-2002-1403  Phystech  Remote Command Execution vulnerability in DHCPCD Character Expansion  CVSS 7.2
  dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

6 Medium Vulnerabilities

DATE  CVE  VENDOR  VULNERABILITY  CVSS

2003-01-17  CVE-2002-1401  Postgresql  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql  CVSS 6.5
  Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

2003-01-17  CVE-2003-0032  Mcrypt  Unspecified vulnerability in Mcrypt Libmcrypt  CVSS 5.0
  Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.

2003-01-17  CVE-2003-0001  Freebsd, Linux, Microsoft, Netbsd  Information Exposure vulnerability in multiple products  CVSS 5.0
  Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

2003-01-17  CVE-2002-1390  Geneweb  Unspecified vulnerability in Geneweb  CVSS 5.0
  The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.

2003-01-17  CVE-2002-1402  Postgresql  Unspecified vulnerability in Postgresql  CVSS 4.6
  Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.

2003-01-17  CVE-2002-1398  Postgresql  Unspecified vulnerability in Postgresql  CVSS 4.6
  Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

3 Low Vulnerabilities

DATE  CVE  VENDOR  VULNERABILITY  CVSS

2003-01-17  CVE-2003-0012  Mozilla  Unspecified vulnerability in Mozilla Bugzilla  CVSS 2.1
  The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

2003-01-17  CVE-2002-1395  Debian  Unspecified vulnerability in Debian Internet Message 1330/1410  CVSS 2.1
  Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.

2003-01-17  CVE-2002-1392  Gert Doering  Unspecified vulnerability in Gert Doering Mgetty  CVSS 2.1
  faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.