Weekly Vulnerabilities Report: February 17 to 23, 2003

Overview

27 new vulnerabilities were reported during this period, including 1 critical vulnerability and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 31 products from 24 vendors, including MIT, Microsoft, Redhat, SUN, and Linux. Vulnerabilities are notably categorized as .

  • 16 reported vulnerabilities are remotely exploitable.
  • 27 reported vulnerabilities are exploitable by an anonymous user.
  • MIT has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary counts: total vulnerabilities 27; critical risk 1; high risk 13; medium risk 11; low risk 2; remotely exploitable 16; exploitable anonymously 27; locally exploitable, exploit available and affecting web application (counts not extracted).

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


1 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2003-02-19 | CVE-2003-0041 | MIT, Redhat | Remote Security vulnerability in Linux | 10.0
    Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

13 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2003-02-19 | CVE-2003-1328 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer | 7.5
    The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

2003-02-19 | CVE-2003-1326 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer | 7.5
    Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

2003-02-19 | CVE-2003-0075 | Bladeenc | Unspecified vulnerability in Bladeenc | 7.5
    Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.

2003-02-19 | CVE-2003-0060 | MIT | Remote Format String vulnerability in MIT Kerberos Key Distribution Center | 7.5
    Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

2003-02-19 | CVE-2003-0059 | MIT | Unspecified vulnerability in MIT Kerberos 5 1.2.1/1.2.2 | 7.5
    Unknown vulnerability in chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

2003-02-19 | CVE-2003-0057 | Hypermail | Buffer Overflow vulnerability in Hypermail Message Attachment | 7.5
    Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.

2003-02-19 | CVE-2003-0040 | Double Precision Incorporated, Inter7 | SQL Injection vulnerability in Courier-IMAP Username | 7.5
    SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

2003-02-19 | CVE-2003-0074 | Plptools | Unspecified vulnerability in Plptools 0.6 | 7.2
    Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.

2003-02-19 | CVE-2003-0062 | Eset Software | Local Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12 | 7.2
    Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.

2003-02-19 | CVE-2003-0056 | Slocate | Unspecified vulnerability in Slocate 2.5/2.6 | 7.2
    Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

2003-02-19 | CVE-2003-0019 | Redhat | Unspecified vulnerability in Redhat Linux 8.0 | 7.2
    uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g.

2003-02-19 | CVE-2003-0004 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows XP Redirector | 7.2
    Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.

2003-02-19 | CVE-2002-1160 | Redhat | Unspecified vulnerability in Redhat Linux | 7.2
    The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

11 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2003-02-19 | CVE-2003-0076 | Dcgui, QT Dcgui | Remote Security vulnerability in qt-dcgui | 6.4
    Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.

2003-02-19 | CVE-2003-0073 | Oracle | Unspecified vulnerability in Oracle Mysql | 5.0
    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

2003-02-19 | CVE-2003-0058 | MIT, SUN | Denial of Service vulnerability in Kerberos Key Distribution Center | 5.0
    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

2003-02-19 | CVE-2002-1405 | Elinks, Links, University of Kansas | | 5.0
    CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

2003-02-19 | CVE-2002-1348 | W3M | Cross-Site Scripting vulnerability in W3M Image Attribute | 5.0
    w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

2003-02-19 | CVE-2002-0669 | Pingtel | Denial-Of-Service vulnerability in Xpressa 1.2.5/1.2.7.4 | 5.0
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.

2003-02-19 | CVE-2002-0036 | MIT | Unspecified vulnerability in MIT Kerberos 5 | 5.0
    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

2003-02-18 | CVE-2003-1079 | SUN | Denial of Service vulnerability in Sun Solaris UDP RPC Packet | 5.0
    Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

2003-02-19 | CVE-2003-0048 | Putty | Unspecified vulnerability in Putty | 4.6
    PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

2003-02-19 | CVE-2003-0047 | Van Dyke Technologies | Unspecified vulnerability in Van Dyke Technologies Entunnel, Securecrt and Securefx | 4.6
    SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

2003-02-19 | CVE-2003-0046 | Celestial Software | Unspecified vulnerability in Celestial Software Absolutetelnet 2.11 | 4.6
    AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2003-02-19 | CVE-2003-0018 | Linux | Unspecified vulnerability in Linux Kernel | 3.6
    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.

2003-02-19 | CVE-2002-1508 | Openldap | Local Security vulnerability in Openldap 2.0 | 1.2
    slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.