Weekly Vulnerabilities Reports > May 26 to June 1, 2003

Overview

26 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 24 products from 18 vendors including Mirabilis, Cisco, Bvrp Software, Linux, and GNU. Vulnerabilities are notably categorized as .

  • 22 reported vulnerabilities are remotely exploitables.
  • 26 reported vulnerabilities are exploitable by an anonymous user.
  • Mirabilis has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • GNU has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-27 CVE-2003-0274 Cren Remote Security vulnerability in Cren Listproc 8.2.9

Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.

10.0
2003-05-27 CVE-2003-0272 Miniportal Remote Security vulnerability in MiniPortal

admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.

10.0
2003-05-27 CVE-2003-0255 GNU Unspecified vulnerability in GNU Privacy Guard

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

10.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-27 CVE-2003-0271 Cooolsoft Remote Security vulnerability in Personal Ftp Server

Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.

7.5
2003-05-27 CVE-2003-0266 Bvrp Software Denial-Of-Service vulnerability in Bvrp Software Slwebmail 3.0

Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.

7.5
2003-05-27 CVE-2003-0264 Seattle LAB Software Unspecified vulnerability in Seattle LAB Software Slmail 5.1.0.4420

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.

7.5
2003-05-27 CVE-2003-0263 Floosietek Buffer Overflow vulnerability in Floosietek Ftgatepro 1.221328

Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

7.5
2003-05-27 CVE-2003-0258 Cisco Remote Security vulnerability in VPN 3000 Concentrator

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

7.5
2003-05-27 CVE-2003-0256 KDE Unspecified vulnerability in KDE Kopete 0.6.1

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

7.5
2003-05-27 CVE-2003-0243 Happycgi Unspecified vulnerability in Happycgi Happymall 4.3/4.4

Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.

7.5
2003-05-27 CVE-2003-0237 Mirabilis Remote Command Execution vulnerability in Mirabilis ICQ Features On Demand

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

7.5
2003-05-27 CVE-2003-0236 Mirabilis Integer Overflow vulnerability in Mirabilis ICQ POP3 Client Subject Field Signed

Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

7.5
2003-05-27 CVE-2003-0235 Mirabilis Unspecified vulnerability in Mirabilis ICQ

Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.

7.5
2003-05-27 CVE-2003-0228 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 7.1

Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.

7.5
2003-05-27 CVE-2003-0269 Youbin Buffer Overflow vulnerability in Youbin HOME

Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.

7.2
2003-05-27 CVE-2003-0262 Leksbot Multiple Unspecified vulnerability in Leksbot 1.2

leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.

7.2

10 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-05-27 CVE-2003-0273 Best Practical Solutions Cross-Site Scripting vulnerability in Request Tracker

Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.

6.8
2003-05-27 CVE-2003-0265 SAP Unspecified vulnerability in SAP DB 7.3.29/7.4.3.7Beta

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.

6.2
2003-05-27 CVE-2003-0268 Bvrp Software Remote Security vulnerability in Bvrp Software Slwebmail 3.0

SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.

5.0
2003-05-27 CVE-2003-0267 Bvrp Software Remote Security vulnerability in Bvrp Software Slwebmail 3.0

ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.

5.0
2003-05-27 CVE-2003-0260 Cisco Denial-Of-Service vulnerability in VPN 3000 Concentrator

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.

5.0
2003-05-27 CVE-2003-0259 Cisco Denial-Of-Service vulnerability in VPN 3000 Concentrator

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.

5.0
2003-05-27 CVE-2003-0244 Linux Remote Denial Of Service vulnerability in Linux Kernel 2.4.0

The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.

5.0
2003-05-27 CVE-2003-0239 Mirabilis Denial Of Service vulnerability in Mirabilis ICQ GIF Parsing

icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.

5.0
2003-05-27 CVE-2003-0238 Mirabilis Denial Of Service vulnerability in Mirabilis ICQ Message Session Window

The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.

5.0
2003-05-27 CVE-2003-0261 Fuzz Local Security vulnerability in Fuzz

fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS