Weekly Vulnerabilities Reports > July 21 to 27, 2003

Overview

32 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 30 products from 25 vendors including Ethereal Group, Microsoft, Linux, Redhat, and SUN. Vulnerabilities are notably categorized as .

  • 24 reported vulnerabilities are remotely exploitables.
  • 32 reported vulnerabilities are exploitable by an anonymous user.
  • Ethereal Group has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Ethereal Group has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-07-24 CVE-2003-0432 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

10.0
2003-07-24 CVE-2003-0431 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

10.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-07-24 CVE-2003-0445 Webfs Unspecified vulnerability in Webfs

Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.

7.5
2003-07-24 CVE-2003-0437 Mnogosearch Buffer Overflow vulnerability in Mnogosearch 3.2.10

Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.

7.5
2003-07-24 CVE-2003-0436 Mnogosearch Buffer Overflow vulnerability in Mnogosearch 3.1.20

Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.

7.5
2003-07-24 CVE-2003-0435 Typespeed Unspecified vulnerability in Typespeed

Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code.

7.5
2003-07-24 CVE-2003-0434 Adobe
Xpdf
Mandrakesoft
Redhat
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
7.5
2003-07-24 CVE-2003-0433 Gnocatan Develop Unspecified vulnerability in Gnocatan-Develop Gnocatan

Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.

7.5
2003-07-24 CVE-2003-0429 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.

7.5
2003-07-24 CVE-2003-0427 Miod Vallat Unspecified vulnerability in Miod Vallat Mikmod 3.1.6

Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.

7.5
2003-07-24 CVE-2003-0349 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.

7.5

15 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-07-24 CVE-2003-0348 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 9

A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.

6.4
2003-07-24 CVE-2003-0447 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.

5.1
2003-07-24 CVE-2003-0430 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.

5.0
2003-07-24 CVE-2003-0428 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

5.0
2003-07-24 CVE-2003-0419 SMC Networks Unspecified vulnerability in SMC Networks Barricade Wireless Cable DSL Broadband Router Smc7004Vwbr

SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.

5.0
2003-07-24 CVE-2003-0418 Linux Remote Security vulnerability in kernel

The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.

5.0
2003-07-24 CVE-2003-0379 Apple Unspecified vulnerability in Apple AFP Server

Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.

5.0
2003-07-24 CVE-2003-0366 Lysator Unspecified vulnerability in Lysator Lyskom-Server

lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.

5.0
2003-07-24 CVE-2003-0251 NIS Denial Of Service vulnerability in Multiple Vendor NIS Server YPSERV

ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.

5.0
2003-07-23 CVE-2003-1064 SUN Denial of Service vulnerability in Sun Solaris IPv6 Packet

Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.

5.0
2003-07-24 CVE-2003-0388 Andrew Morgan Unspecified vulnerability in Andrew Morgan Linux PAM

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

4.6
2003-07-24 CVE-2003-0359 Stichting Mathematisch Centrum Unspecified vulnerability in Stichting Mathematisch Centrum Nethack 3.4.0

nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.

4.6
2003-07-24 CVE-2003-0446 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.

4.3
2003-07-24 CVE-2003-0442 PHP
Redhat
Cross-Site Scripting vulnerability in PHP Transparent Session ID

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

4.3
2003-07-24 CVE-2003-0389 RSA Unspecified vulnerability in RSA ACE Agent 5.0

Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-07-24 CVE-2003-0448 Aboleo NET Local Security vulnerability in Portmon

Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.

3.6
2003-07-24 CVE-2001-1409 Xfree86 Project Unspecified vulnerability in Xfree86 Project Xfree86 X Server 4.1.0.2

dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.

3.6
2003-07-25 CVE-2003-0643 Linux Denial-Of-Service vulnerability in kernel

Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).

2.1
2003-07-24 CVE-2003-0381 Norman Ramsey Unspecified vulnerability in Norman Ramsey Noweb

Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.

2.1
2003-07-23 CVE-2003-1065 SUN Denial of Service vulnerability in SUN Sunos 5.8

Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).

2.1
2003-07-24 CVE-2003-0438 Yuuichi Teranishi Unspecified vulnerability in Yuuichi Teranishi Eldav

eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

1.2