Weekly Vulnerabilities Reports > May 5 to 11, 2003

Overview

17 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 27 products from 20 vendors including Apple, Microsoft, HP, Samba, and SUN. Vulnerabilities are notably categorized as .

  • 12 reported vulnerabilities are remotely exploitables.
  • 17 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-05 CVE-2003-0209 Smoothwall
Sourcefire 		Integer Overflow vulnerability in Snort TCP Packet Reassembly

Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
10.0
2003-05-05 CVE-2003-0201 Samba
Samba TNG
Apple
Compaq
HP
SUN 		Remote Buffer Overflow vulnerability in Samba 'call_trans2open'

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
10.0
2003-05-05 CVE-2003-0196 Samba
Samba TNG
Compaq
HP
SUN 		Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
10.0

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-05 CVE-2003-0204 KDE Unspecified vulnerability in KDE

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
7.5
2003-05-05 CVE-2003-0111 Microsoft Unspecified vulnerability in Microsoft products

The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
7.5
2003-05-05 CVE-2003-0173 Xfsdump
SGI 		xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.
7.2
2003-05-05 CVE-2003-0171 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
7.2

7 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-11 CVE-2003-1146 John Beatty HTML Injection vulnerability in John Beatty Easy PHP Photo Album 1.0

Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
6.8
2003-05-05 CVE-2003-0198 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
6.4
2003-05-05 CVE-2003-0211 Xinetd Unspecified vulnerability in Xinetd

Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
5.0
2003-05-05 CVE-2003-0163 Gaim Encryption Remote Heap Corruption vulnerability in Gaim-Encryption 1.13/1.14/1.15

decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
5.0
2003-05-05 CVE-2003-0133 Gnome Unspecified vulnerability in Gnome Gtkhtml 1.1.10/1.1.9

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
5.0
2003-05-05 CVE-2003-0110 Microsoft Unspecified vulnerability in Microsoft ISA Server and Proxy Server

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
5.0
2003-05-05 CVE-2003-0208 Macromedia Cross-Site Scripting vulnerability in Macromedia Flash

Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-10 CVE-2003-0334 Colten Edwards Denial Of Service vulnerability in BitchX Mode Change

BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.
2.1
2003-05-05 CVE-2003-0207 GS Common Local Security vulnerability in Gs-Common 0.3.3

ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.
2.1
2003-05-05 CVE-2003-0136 Astart Technologies Unspecified vulnerability in Astart Technologies Lprng

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
2.1