Weekly Vulnerabilities Reports > March 3 to 9, 2003
Overview
42 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 42 products from 33 vendors including Apple, Xfree86 Project, Oracle, Rxvt, and SUN. Vulnerabilities are notably categorized as and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 33 reported vulnerabilities are remotely exploitables.
- 41 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-03-07 | CVE-2003-0033 | Snort | Buffer Overflow vulnerability in Snort RPC Preprocessor Fragment Reassembly Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets. | 10.0 |
| 2003-03-03 | CVE-2003-0101 | Engardelinux Usermin Webmin | miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. | 10.0 |
| 2003-03-03 | CVE-2003-0098 | Apcupsd Debian | Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. | 10.0 |
| 2003-03-03 | CVE-2003-0095 | Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. | 10.0 |
| 2003-03-03 | CVE-2002-1510 | Xfree86 Project | Unspecified vulnerability in Xfree86 Project X11R6 xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | 10.0 |
| 2003-03-03 | CVE-2003-0096 | Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | 9.0 |
18 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-03-07 | CVE-2003-0107 | Zlib | Unspecified vulnerability in Zlib 1.1.4 Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. | 7.5 |
| 2003-03-07 | CVE-2003-0055 | Apple | Buffer Overrun vulnerability in Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename. | 7.5 |
| 2003-03-07 | CVE-2003-0054 | Apple | Unspecified vulnerability in Apple products Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. | 7.5 |
| 2003-03-07 | CVE-2003-0050 | Apple | Unspecified vulnerability in Apple products parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. | 7.5 |
| 2003-03-03 | CVE-2003-0100 | Cisco | Buffer Overflow vulnerability in Cisco IOS OSPF Neighbor Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | 7.5 |
| 2003-03-03 | CVE-2003-0097 | PHP | Unspecified vulnerability in PHP 4.3.0 Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). | 7.5 |
| 2003-03-03 | CVE-2003-0068 | Michael Jennings | Unspecified vulnerability in Michael Jennings Eterm 0.8.10/0.9.1 The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0066 | Rxvt | Unspecified vulnerability in Rxvt The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0065 | National University OF Singapore | Unspecified vulnerability in National University of Singapore Uxterm 2.3/2.4.1 The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0064 | SGI HP IBM SUN | The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0063 | Xfree86 Project | Unspecified vulnerability in Xfree86 Project X11R6 The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0049 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. | 7.5 |
| 2003-03-03 | CVE-2003-0024 | Aterm | Unspecified vulnerability in Aterm 0.42 The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | 7.5 |
| 2003-03-03 | CVE-2002-0842 | Oracle | Unspecified vulnerability in Oracle Application Server 9.0.2 Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. | 7.5 |
| 2003-03-03 | CVE-2003-0099 | APC | Buffer Overflow vulnerability in APC Apcupsd 3.8.5 Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. | 7.2 |
| 2003-03-03 | CVE-2003-0088 | Apple | Privilege Escalation vulnerability in Apple MacOS Classic TruBlueEnvironment Environment Variable TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. | 7.2 |
| 2003-03-03 | CVE-2003-0087 | National Language Support | Buffer Overflow vulnerability in IBM AIX libIM Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. | 7.2 |
| 2003-03-03 | CVE-2002-1472 | Xfree86 Project | Local Privilege Escalation vulnerability in Xfree86 Project X11R6 4.1.0/4.2.0 Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. | 7.2 |
13 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-03-07 | CVE-2003-0009 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows Help and Support Center Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. | 6.8 |
| 2003-03-03 | CVE-2003-0070 | Nalin Dahyabhai Gnome | VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 6.8 |
| 2003-03-07 | CVE-2003-0108 | LBL | Denial Of Service vulnerability in TCPDump Malformed ISAKMP Packet isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. | 5.0 |
| 2003-03-07 | CVE-2003-0103 | Nokia | Denial of Service vulnerability in Nokia 6210 Handset 5.27 Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | 5.0 |
| 2003-03-07 | CVE-2003-0052 | Apple | Unspecified vulnerability in Apple products parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. | 5.0 |
| 2003-03-07 | CVE-2003-0051 | Apple | Remote Path Disclosure vulnerability in Apple products parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. | 5.0 |
| 2003-03-03 | CVE-2003-0094 | Andries Brouwer | Unspecified vulnerability in Andries Brouwer Util-Linux 2.11N/2.11U A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. | 5.0 |
| 2003-03-03 | CVE-2003-0093 | LBL | Denial-Of-Service vulnerability in tcpdump The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | 5.0 |
| 2003-03-03 | CVE-2003-0023 | Rxvt | Unspecified vulnerability in Rxvt The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | 5.0 |
| 2003-03-03 | CVE-2003-0022 | Rxvt | Local File Corruption vulnerability in RXVT Screen Dump Escape Sequence The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. | 5.0 |
| 2003-03-03 | CVE-2003-0021 | Michael Jennings | Local File Corruption vulnerability in Eterm Screen Dump Escape Sequence The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. | 5.0 |
| 2003-03-03 | CVE-2002-1511 | ATT Tightvnc | Authentication Cookie Predictability vulnerability in TightVNC Server The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. | 5.0 |
| 2003-03-07 | CVE-2003-0053 | Apple | Cross-Site Scripting vulnerability in Apple products Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. | 4.3 |
5 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-03-03 | CVE-2002-1509 | Redhat | Unspecified vulnerability in Redhat Linux 7.2/7.3/8.0 A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | 3.6 |
| 2003-03-05 | CVE-2003-1077 | SUN | Denial Of Service vulnerability in SUN Solaris 9.0 Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). | 2.1 |
| 2003-03-03 | CVE-2003-0079 | Hanterm | Denial of Service vulnerability in Hanterm Hanterm-Xf 2.0 The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. | 2.1 |
| 2003-03-03 | CVE-2003-0071 | Xfree86 Project | Denial Of Service vulnerability in Xterm Loop-Based Escape Sequence The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. | 2.1 |
| 2003-03-07 | CVE-2003-0120 | MHC Utils | Unspecified vulnerability in Mhc-Utils 0.25Snap20010625 adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | 1.2 |