Weekly Vulnerabilities Reports > May 5 to 11, 2003
Overview
17 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 27 products from 20 vendors including Apple, Microsoft, HP, Samba, and SUN. Vulnerabilities are notably categorized as .
- 12 reported vulnerabilities are remotely exploitables.
- 17 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 3 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-05-05 | CVE-2003-0209 | Smoothwall Sourcefire | Integer Overflow vulnerability in Snort TCP Packet Reassembly Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | 10.0 |
2003-05-05 | CVE-2003-0201 | Samba Samba TNG Apple Compaq HP SUN | Remote Buffer Overflow vulnerability in Samba 'call_trans2open' Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | 10.0 |
2003-05-05 | CVE-2003-0196 | Samba Samba TNG Compaq HP SUN | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | 10.0 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-05-05 | CVE-2003-0204 | KDE | Unspecified vulnerability in KDE KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | 7.5 |
2003-05-05 | CVE-2003-0111 | Microsoft | Unspecified vulnerability in Microsoft products The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." | 7.5 |
2003-05-05 | CVE-2003-0173 | Xfsdump SGI | xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | 7.2 |
2003-05-05 | CVE-2003-0171 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | 7.2 |
7 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-05-11 | CVE-2003-1146 | John Beatty | HTML Injection vulnerability in John Beatty Easy PHP Photo Album 1.0 Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 6.8 |
2003-05-05 | CVE-2003-0198 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files. | 6.4 |
2003-05-05 | CVE-2003-0211 | Xinetd | Unspecified vulnerability in Xinetd Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. | 5.0 |
2003-05-05 | CVE-2003-0163 | Gaim Encryption | Remote Heap Corruption vulnerability in Gaim-Encryption 1.13/1.14/1.15 decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte. | 5.0 |
2003-05-05 | CVE-2003-0133 | Gnome | Unspecified vulnerability in Gnome Gtkhtml 1.1.10/1.1.9 GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. | 5.0 |
2003-05-05 | CVE-2003-0110 | Microsoft | Unspecified vulnerability in Microsoft ISA Server and Proxy Server The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745. | 5.0 |
2003-05-05 | CVE-2003-0208 | Macromedia | Cross-Site Scripting vulnerability in Macromedia Flash Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-05-10 | CVE-2003-0334 | Colten Edwards | Denial Of Service vulnerability in BitchX Mode Change BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c. | 2.1 |
2003-05-05 | CVE-2003-0207 | GS Common | Local Security vulnerability in Gs-Common 0.3.3 ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | 2.1 |
2003-05-05 | CVE-2003-0136 | Astart Technologies | Unspecified vulnerability in Astart Technologies Lprng psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file. | 2.1 |