Weekly Vulnerabilities Reports > April 7 to 13, 2003

Overview

46 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary report vulnerabilities in 46 products from 31 vendors including HP, Novell, Ilia Alshanetsky, Apache, and Google. Vulnerabilities are notably categorized as "Missing Release of Resource after Effective Lifetime", and "Information Exposure".

  • 40 reported vulnerabilities are remotely exploitables.
  • 46 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Mcafee has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-11 CVE-2002-1440 Gateway Unspecified vulnerability in Gateway Gs-400

The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.

10.0
2003-04-11 CVE-2002-1428 Dotproject Authentication Bypass vulnerability in Dotproject 0.2.1.5

index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.

10.0
2003-04-11 CVE-2002-0690 Mcafee Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.5.1

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.

10.0

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-11 CVE-2002-1426 HP Denial Of Service vulnerability in HP Procurve Switch 4000M C.07.23

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

7.8
2003-04-11 CVE-2003-0203 Moxftp
Xftp
Buffer Overflow vulnerability in moxftp Banner Parsing

Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.

7.5
2003-04-11 CVE-2003-0135 Redhat Unspecified vulnerability in Redhat Linux 9.0

vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.

7.5
2003-04-11 CVE-2002-1442 Google Unspecified vulnerability in Google Toolbar

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.

7.5
2003-04-11 CVE-2002-1441 Tomahawk Technologies Buffer Overflow vulnerability in Tomahawk Technologies Steelarrow 4.1

Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.

7.5
2003-04-11 CVE-2002-1436 Novell Unspecified vulnerability in Novell Netware 5.1/6.0

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

7.5
2003-04-11 CVE-2002-1435 Achievo Remote File Include Command Execution vulnerability in Achievo

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.

7.5
2003-04-11 CVE-2002-1431 Belkin Unspecified vulnerability in Belkin F5D5230-4 4-Port Cable DSL Gateway Router 1.20.000

Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.

7.5
2003-04-11 CVE-2002-1427 Easy Scripts Archive Unspecified vulnerability in Easy Scripts Archive products

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

7.5
2003-04-11 CVE-2002-1421 Ilia Alshanetsky SQL Injection vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.

7.5
2003-04-11 CVE-2002-1419 SGI Unspecified vulnerability in SGI Irix

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.

7.5
2003-04-11 CVE-2002-1413 Novell Authentication Bypass vulnerability in Novell Netware 6.0

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.

7.5
2003-04-11 CVE-2002-1412 Gallery Project Remote File Include vulnerability in Bharat Mediratta Gallery

Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.

7.5
2003-04-11 CVE-2002-1410 BEN Chivers
Easy Scripts Archive
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
7.5
2003-04-11 CVE-2002-1408 HP Unspecified vulnerability in HP Openview Emanate Snmp Agent and Vvos

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.

7.5
2003-04-11 CVE-2002-1407 Adam Megacz Unspecified vulnerability in Adam Megacz Tinyssl

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

7.5
2003-04-11 CVE-2003-0197 Borland Software
Firebirdsql
Local Security vulnerability in Interbase

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

7.2
2003-04-11 CVE-2002-1420 Openbsd Buffer Overflow vulnerability in OpenBSD select()

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

7.2
2003-04-11 CVE-2002-1406 HP Local Passwd vulnerability in HP Hp-Ux 11.04

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."

7.2

23 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-11 CVE-2002-1434 Kerio Cross-Site Scripting vulnerability in Kerio MailServer Web Mail

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

6.8
2003-04-11 CVE-2002-1425 John G Myers Unspecified vulnerability in John G. Myers Mpack

Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.

6.4
2003-04-11 CVE-2003-0169 HP Remote Denial Of Service vulnerability in HP Instant Toptools 5.04

hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.

5.0
2003-04-11 CVE-2003-0134 Apache Unspecified vulnerability in Apache Http Server

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

5.0
2003-04-11 CVE-2003-0132 Apache Missing Release of Resource After Effective Lifetime vulnerability in Apache Http Server

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

5.0
2003-04-11 CVE-2002-1443 Google Information Disclosure vulnerability in Multiple Vendor Toolbar Keypress Monitoring

The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.

5.0
2003-04-11 CVE-2002-1438 Novell Remote Perl Version Disclosure vulnerability in Novell Netware 5.1/6.0

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.

5.0
2003-04-11 CVE-2002-1437 Novell Directory Traversal vulnerability in Novell Netware 5.1/6.0

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

5.0
2003-04-11 CVE-2002-1433 Kerio Denial-Of-Service vulnerability in Kerio Mailserver 5.0

Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.

5.0
2003-04-11 CVE-2002-1432 Coxco Support Information Exposure vulnerability in Coxco Support products

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.

5.0
2003-04-11 CVE-2002-1430 Synthetic Reality Unspecified vulnerability in Synthetic Reality Sympoll 1.2

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.

5.0
2003-04-11 CVE-2002-1429 Endity COM HTML Injection vulnerability in Endity.Com Shoutbox 1.2

Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.

5.0
2003-04-11 CVE-2002-1424 John G Myers Buffer Overflow vulnerability in John G. Myers MUnpack Malformed MIME Encoded Message

Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

5.0
2003-04-11 CVE-2002-1423 Ilia Alshanetsky Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.

5.0
2003-04-11 CVE-2002-1422 Ilia Alshanetsky Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.

5.0
2003-04-11 CVE-2002-1418 Novell Buffer Overflow vulnerability in Novell NetBasic Interpreter Module Name

Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.

5.0
2003-04-11 CVE-2002-1417 Novell Directory Traversal vulnerability in Novell NetBasic Scripting Server

Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.

5.0
2003-04-11 CVE-2002-1416 Webeasymail Information Disclosure vulnerability in WebEasyMail POP3 Server Valid User Name

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.

5.0
2003-04-11 CVE-2002-1415 Webeasymail Unspecified vulnerability in Webeasymail

Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.

5.0
2003-04-11 CVE-2002-1411 Duma Unspecified vulnerability in Duma Photo Gallery System 0.99.4

Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via ..

5.0
2003-04-11 CVE-2002-1143 Microsoft Unspecified vulnerability in Microsoft Excel and Word

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

5.0
2003-04-11 CVE-2002-1439 HP Stack Corruption vulnerability in HP Virtualvault and Vvos

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.

4.6
2003-04-11 CVE-2002-1414 Inter7 Local Buffer Overflow vulnerability in qmailadmin

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.

4.6

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-11 CVE-2002-1409 HP Denial Of Service vulnerability in HP Hp-Ux 11.00/11.04/11.11

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."

2.1