Weekly Vulnerabilities Reports > June 16 to 22, 2003

Overview

56 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 58 products from 47 vendors including Redhat, Snowblind NET, Microsoft, Qualcomm, and Apple. Vulnerabilities are notably categorized as "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cross-site Scripting".

  • 48 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 56 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-06-16 CVE-2003-0374 Nessus Remote Security vulnerability in Nessus

Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."

10.0
2003-06-16 CVE-2003-0288 Hiroaki Shirouzu Buffer Overflow vulnerability in Hiroaki Shirouzu IP Messenger 2.00

Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.

10.0
2003-06-16 CVE-2003-0280 Youngzsoft Buffer Overflow vulnerability in Youngzsoft Cmailserver 4.0.2003.23.27

Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

10.0
2003-06-16 CVE-2003-0248 Redhat Unspecified vulnerability in Redhat Linux

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

10.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-06-16 CVE-2003-0270 Apple Unspecified vulnerability in Apple 802.11N 7.3.1

The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.

7.6
2003-06-17 CVE-2003-1086 Pmachine Remote Security vulnerability in Pmachine Free and Pmachine PRO

PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.

7.5
2003-06-16 CVE-2003-0378 Apple Unspecified vulnerability in Apple mac OS X

The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.

7.5
2003-06-16 CVE-2003-0371 Prishtina Soft Denial-Of-Service vulnerability in Prishtina Soft Prishtina FTP V.1

Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.

7.5
2003-06-16 CVE-2003-0370 Apple
KDE
Redhat
Turbolinux
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
7.5
2003-06-16 CVE-2003-0354 Redhat Unspecified vulnerability in Redhat Linux

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

7.5
2003-06-16 CVE-2003-0344 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

7.5
2003-06-16 CVE-2003-0315 Snowblind NET Denial-Of-Service vulnerability in Snowblind.Net Snowblind web Server 1.0

Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.

7.5
2003-06-16 CVE-2003-0299 Mutt
Stuart Parmenter
Denial-Of-Service vulnerability in Balsa

The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.

7.5
2003-06-16 CVE-2003-0298 Mozilla Denial-Of-Service vulnerability in Browser

The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

7.5
2003-06-16 CVE-2003-0297 University OF Washington Unspecified vulnerability in University of Washington C-Client, Imap-2002B and Pine

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

7.5
2003-06-16 CVE-2003-0296 Ximian Denial-Of-Service vulnerability in Ximian Evolution 1.2.4

The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

7.5
2003-06-16 CVE-2003-0286 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.

7.5
2003-06-16 CVE-2003-0284 Adobe Remote Security vulnerability in Adobe Acrobat 5.0

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.

7.5
2003-06-16 CVE-2002-1565 Immunix Denial-Of-Service vulnerability in Immunix 7

Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

7.5
2003-06-19 CVE-2003-1067 SUN Local Security vulnerability in RETIRED: Oracle Solaris

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

7.2
2003-06-16 CVE-2003-0289 Cdrtools Unspecified vulnerability in Cdrtools Cdrecord 1.11/2.0

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

7.2
2003-06-16 CVE-2002-1155 Redhat Unspecified vulnerability in Redhat Linux

Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.

7.2

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-06-16 CVE-2003-0310 EZ Cross-Site Scripting vulnerability in EZ Publish 2.2

Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.

6.8
2003-06-16 CVE-2003-0295 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Beta2

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

6.8
2003-06-16 CVE-2003-0292 Inktomi Cross-Site Scripting vulnerability in Inktomi Traffic-Server 5.5.1

Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.

6.8
2003-06-16 CVE-2003-0287 SIX Apart Unspecified vulnerability in SIX Apart Movable Type 2.63

Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.

6.8
2003-06-16 CVE-2003-0283 Phorum HTML Injection Variant vulnerability in Phorum Message Form Field

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.

6.8
2003-06-16 CVE-2003-0278 Happycgi COM Cross-Site Scripting vulnerability in Happymall E-Commerce Software Normal_HTML.CGI

Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.

6.8
2003-06-16 CVE-2003-0217 Neoteris Unspecified vulnerability in Neoteris Instant Virtual Extranet 3.01

Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.

6.8
2003-06-16 CVE-2003-0314 Snowblind NET Denial-Of-Service vulnerability in Snowblind.Net Snowblind web Server 1.0

Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.

6.4
2003-06-16 CVE-2003-0313 Snowblind NET Directory Traversal vulnerability in Snowblind.Net Snowblind web Server 1.0

Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ...

6.4
2003-06-16 CVE-2003-0312 Snowblind NET Directory Traversal vulnerability in Snowblind.Net Snowblind web Server 1.0

Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a ..

6.4
2003-06-16 CVE-2003-0275 Yabb Remote Security vulnerability in Yabb 1.5.2

SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.

5.1
2003-06-16 CVE-2003-0376 Qualcomm Denial-Of-Service vulnerability in Qualcomm Eudora 5.2.1

Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of .

5.0
2003-06-16 CVE-2003-0364 Redhat Unspecified vulnerability in Redhat Linux

The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

5.0
2003-06-16 CVE-2003-0316 Fourelle Venturi Wireless Remote Security vulnerability in Venturi Client

Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.

5.0
2003-06-16 CVE-2003-0302 Qualcomm Denial-Of-Service vulnerability in Qualcomm Eudora 5.2.1

The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

5.0
2003-06-16 CVE-2003-0301 Microsoft Denial-Of-Service vulnerability in Microsoft Outlook Express 6.00.2800.1106

The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

5.0
2003-06-16 CVE-2003-0300 Microsoft
Mozilla
Mutt
Qualcomm
Stuart Parmenter
Sylpheed
University OF Washington
Ximian
Denial-Of-Service vulnerability in Pine

The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

5.0
2003-06-16 CVE-2003-0294 PHP Proxima Remote Security vulnerability in PHP-Proxima 6.0

autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.

5.0
2003-06-16 CVE-2003-0293 Palm Denial-Of-Service vulnerability in Palmos

PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.

5.0
2003-06-16 CVE-2003-0291 3Com Information Disclosure vulnerability in 3Com 3Cp4144 1.1.7

3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.

5.0
2003-06-16 CVE-2003-0290 Etype Denial Of Service vulnerability in Etype Eserv 2.9X

Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.

5.0
2003-06-16 CVE-2003-0285 IBM Unspecified vulnerability in IBM AIX

IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.

5.0
2003-06-16 CVE-2003-0277 Happycgi Unspecified vulnerability in Happycgi Happymall 4.3/4.4

Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via ..

5.0
2003-06-16 CVE-2003-0276 PI3 Denial Of Service vulnerability in PI3 Pi3Web 2.0.1

Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.

5.0
2003-06-16 CVE-2003-0247 Redhat Unspecified vulnerability in Redhat Linux

Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

5.0
2003-06-16 CVE-2003-0195 Slackware Denial Of Service vulnerability in Slackware Linux 8.1/9.0

CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.

5.0
2003-06-16 CVE-2003-0372 Nessus Numeric Errors vulnerability in Nessus

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

4.6
2003-06-16 CVE-2003-0365 ICQ INC Local Security vulnerability in ICQ INC Icqlite 2003A

ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.

4.6
2003-06-16 CVE-2003-0281 Firebirdsql Buffer Overflow vulnerability in Firebirdsql Firebird 1.0.2

Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.

4.6
2003-06-16 CVE-2003-0373 Nessus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nessus

Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function.

4.4
2003-06-16 CVE-2003-0375 XMB Forum Unspecified vulnerability in XMB Forum XMB 1.11/1.6/1.8

Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-06-16 CVE-2003-0246 Linux Unspecified vulnerability in Linux Kernel

The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

3.6
2003-06-16 CVE-2003-0282 Info ZIP
SCO
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two .
2.6
2003-06-16 CVE-2003-0279 Francisco Burzi Remote SQL Injection vulnerability in PHPNuke Web_Links Module

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

2.6