Weekly Vulnerabilities Reports > August 18 to 24, 2003

Overview

3 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including IBM, Linux NFS, and Mgetty Project. Vulnerabilities are notably categorized as "Link Following", and "Off-by-one Error".

1 reported vulnerabilities are remotely exploitables.
1 reported vulnerabilities are exploitable by an anonymous user.
IBM has the most reported vulnerabilities, with 1 reported vulnerabilities.
Linux NFS has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2003-08-18	CVE-2003-0252	Linux NFS	Off-by-one Error vulnerability in Linux-Nfs Nfs-Utils Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.	9.8

Expand/Hide

1 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2003-08-18	CVE-2003-0578	IBM	Link Following vulnerability in IBM U2 Universe 10.0.0.9 cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.	7.8

Expand/Hide

1 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2003-08-18	CVE-2003-0517	Mgetty Project	Link Following vulnerability in Mgetty Project Mgetty 1.1.28 faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.	5.5

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS