Weekly Vulnerabilities Reports > February 17 to 23, 2003
Overview
25 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 29 products from 23 vendors including MIT, Microsoft, Redhat, SUN, and Oracle. Vulnerabilities are notably categorized as .
- 15 reported vulnerabilities are remotely exploitables.
- 25 reported vulnerabilities are exploitable by an anonymous user.
- MIT has the most reported vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-02-19 | CVE-2003-1328 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." | 7.5 |
2003-02-19 | CVE-2003-1326 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." | 7.5 |
2003-02-19 | CVE-2003-0075 | Bladeenc | Unspecified vulnerability in Bladeenc Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk. | 7.5 |
2003-02-19 | CVE-2003-0060 | MIT | Remote Format String vulnerability in MIT Kerberos Key Distribution Center Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | 7.5 |
2003-02-19 | CVE-2003-0059 | MIT | Unspecified vulnerability in MIT Kerberos 5 1.2.1/1.2.2 Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | 7.5 |
2003-02-19 | CVE-2003-0057 | Hypermail | Buffer Overflow vulnerability in Hypermail Message Attachment Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname. | 7.5 |
2003-02-19 | CVE-2003-0040 | Double Precision Incorporated Inter7 | SQL Injection vulnerability in Courier-IMAP Username SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. | 7.5 |
2003-02-19 | CVE-2003-0074 | Plptools | Unspecified vulnerability in Plptools 0.6 Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog. | 7.2 |
2003-02-19 | CVE-2003-0062 | Eset Software | Local Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12 Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name. | 7.2 |
2003-02-19 | CVE-2003-0056 | Slocate | Unspecified vulnerability in Slocate 2.5/2.6 Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument. | 7.2 |
2003-02-19 | CVE-2003-0019 | Redhat | Unspecified vulnerability in Redhat Linux 8.0 uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. | 7.2 |
2003-02-19 | CVE-2003-0004 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows XP Redirector Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter. | 7.2 |
2003-02-19 | CVE-2002-1160 | Redhat | Unspecified vulnerability in Redhat Linux The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. | 7.2 |
11 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-02-19 | CVE-2003-0076 | Dcgui QT Dcgui | Remote Security vulnerability in qt-dcgui Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist. | 6.4 |
2003-02-19 | CVE-2003-0073 | Oracle | Unspecified vulnerability in Oracle Mysql Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | 5.0 |
2003-02-19 | CVE-2003-0058 | MIT SUN | Denial of Service vulnerability in Kerberos Key Distribution Center MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | 5.0 |
2003-02-19 | CVE-2002-1405 | Elinks Links University OF Kansas | CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | 5.0 |
2003-02-19 | CVE-2002-1348 | W3M | Cross-Site Scripting vulnerability in W3M Image Attribute w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. | 5.0 |
2003-02-19 | CVE-2002-0669 | Pingtel | Denial-Of-Service vulnerability in Xpressa 1.2.5/1.2.7.4 The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. | 5.0 |
2003-02-19 | CVE-2002-0036 | MIT | Unspecified vulnerability in MIT Kerberos 5 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | 5.0 |
2003-02-18 | CVE-2003-1079 | SUN | Denial of Service vulnerability in Sun Solaris UDP RPC Packet Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated. | 5.0 |
2003-02-19 | CVE-2003-0048 | Putty | Unspecified vulnerability in Putty PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | 4.6 |
2003-02-19 | CVE-2003-0047 | VAN Dyke Technologies | Unspecified vulnerability in VAN Dyke Technologies Entunnel, Securecrt and Securefx SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | 4.6 |
2003-02-19 | CVE-2003-0046 | Celestial Software | Unspecified vulnerability in Celestial Software Absolutetelnet 2.11 AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | 4.6 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-02-19 | CVE-2002-1508 | Openldap | Local Security vulnerability in Openldap 2.0 slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. | 1.2 |