Weekly Vulnerabilities Reports > March 17 to 23, 2003

Overview

20 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 20 products from 19 vendors including IBM, Multitech, Apache, Openldap, and Qualcomm. Vulnerabilities are notably categorized as .

  • 17 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Qualcomm has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-03-18 CVE-2003-0143 Qualcomm Remote Memory Corruption vulnerability in Qpopper

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

10.0
2003-03-18 CVE-2003-0030 Protegrity Buffer Overflow vulnerability in Protegrity Secure.Data 2.2.3.7/2.2.3.8

Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.

10.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-03-18 CVE-2003-0126 Multitech Remote Security vulnerability in Multitech Routefinder 550 VPN 4.64Beta

The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.

7.5
2003-03-18 CVE-2003-0121 Clearswift Unspecified vulnerability in Clearswift Mailsweeper

Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.

7.5
2003-03-18 CVE-2003-0081 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

7.5
2003-03-18 CVE-2003-0077 Hanterm Unspecified vulnerability in Hanterm Hanterm-Xf

The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g.

7.5
2003-03-18 CVE-2003-0069 Putty Remote Security vulnerability in Putty 0.53

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g.

7.5
2003-03-18 CVE-2003-0067 Aterm Remote Security vulnerability in Aterm 0.42

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g.

7.5
2003-03-18 CVE-2002-0387 SUN Remote Buffer Overflow vulnerability in SUN ONE Application Server 6.0/6.5

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.

7.5

11 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-03-20 CVE-2003-1201 Openldap Denial Of Service vulnerability in OpenLDAP LDBM_Back_Exop_Passwd

ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).

5.0
2003-03-18 CVE-2003-0137 Nokia Remote Security vulnerability in DX200 (SGSN)

SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.

5.0
2003-03-18 CVE-2003-0125 Multitech Remote Memory Corruption vulnerability in Multitech RouteFinder

Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.

5.0
2003-03-18 CVE-2003-0123 IBM Buffer Overflow Denial Of Service vulnerability in IBM Lotus Domino and Lotus Notes Client

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.

5.0
2003-03-18 CVE-2003-0122 IBM Denial Of Service vulnerability in IBM Lotus Domino and Lotus Notes Client

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

5.0
2003-03-18 CVE-2003-0104 Peoplesoft Remote Command Execution vulnerability in PeopleSoft PeopleTools SchedulerTransfer

Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.

5.0
2003-03-18 CVE-2003-0020 Apache Unspecified vulnerability in Apache Http Server

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

5.0
2003-03-18 CVE-2003-1095 BEA Authentication Bypass vulnerability in BEA Weblogic Server 7.0/7.0.0.1

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.

4.6
2003-03-18 CVE-2003-0124 Andries Brouwer Unspecified vulnerability in Andries Brouwer MAN

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

4.6
2003-03-18 CVE-2003-0102 File, Netbsd Local Stack Overflow Code Execution vulnerability in File

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

4.6
2003-03-18 CVE-2003-1203 Mambo Cross-Site Scripting vulnerability in Mambo Site Server 4.0.10

Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS