Weekly Vulnerabilities Reports > August 25 to 31, 2003
Overview
91 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 81 products from 48 vendors, including Redhat, Microsoft, Apple, Novell, and Linux. Vulnerabilities are notably categorized as "Off-by-one Error", "Permissions, Privileges, and Access Controls", and "Cryptographic Issues".
- 63 reported vulnerabilities are remotely exploitable.
- 91 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-08-27 | CVE-2003-0640 | BEA | Remote Security vulnerability in Weblogic Server BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | 10.0 |
2003-08-27 | CVE-2003-0599 | Phpgroupware | Remote Security vulnerability in PHPgroupware 0.9.16Prerc Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | 10.0 |
2003-08-27 | CVE-2003-0575 | SGI | Privilege Escalation vulnerability in SGI IRIX NSD AUTH_UNIX GID List Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list. | 10.0 |
2003-08-27 | CVE-2003-0502 | Apple | Denial-Of-Service vulnerability in Darwin Streaming Server Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. | 10.0 |
2003-08-27 | CVE-2003-0426 | Apple | Remote Security vulnerability in Apple Darwin Streaming Server 4.1.3 The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. | 10.0 |
2003-08-27 | CVE-2003-0421 | Apple | Denial-Of-Service vulnerability in Apple Darwin Streaming Server 4.1.3 Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. | 10.0 |
2003-08-27 | CVE-2003-0466 | Wuftpd Redhat Apple SUN Freebsd Netbsd Openbsd | Off-by-one Error vulnerability in multiple products Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | 9.8 |
33 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-08-27 | CVE-2003-0701 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. | 7.5 |
2003-08-27 | CVE-2003-0699 | Redhat | Remote Security vulnerability in Linux Advanced Work Station The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700. | 7.5 |
2003-08-27 | CVE-2003-0685 | Netris | Unspecified vulnerability in Netris 0.3/0.4/0.5 Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. | 7.5 |
2003-08-27 | CVE-2003-0672 | Leon J Breedt | Unspecified vulnerability in Leon J Breedt Pam-Pgsql 0.5.1/0.5.2 Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message. | 7.5 |
2003-08-27 | CVE-2003-0657 | Phpgroupware | SQL-Injection vulnerability in Phpgroupware Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | 7.5 |
2003-08-27 | CVE-2003-0654 | Autorespond | Unspecified vulnerability in Autorespond 2.0.2 Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail. | 7.5 |
2003-08-27 | CVE-2003-0651 | MOD Mylo | Buffer Overflow vulnerability in MOD Mylo MOD Mylo 0.1/2.0/2.1 Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2003-08-27 | CVE-2003-0650 | Gamespy | File Corruption vulnerability in Gamespy Arcade GSAPAK.EXE .APK Extraction Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. | 7.5 |
2003-08-27 | CVE-2003-0647 | Cisco | Remote Security vulnerability in IOS Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | 7.5 |
2003-08-27 | CVE-2003-0646 | Trend Micro | Unspecified vulnerability in Trend Micro Damage Cleanup Server and Housecall Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | 7.5 |
2003-08-27 | CVE-2003-0638 | Novell | Denial-Of-Service vulnerability in Novell Ichain 2.1 Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | 7.5 |
2003-08-27 | CVE-2003-0636 | Novell | Remote Security vulnerability in Novell Ichain 2.2 Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | 7.5 |
2003-08-27 | CVE-2003-0634 | Oracle | Buffer Overflow vulnerability in Oracle Database Server EXTPROC Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | 7.5 |
2003-08-27 | CVE-2003-0632 | Oracle | Remote Security vulnerability in Oracle Applications and E-Business Suite Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | 7.5 |
2003-08-27 | CVE-2003-0625 | Hadrons | Off-by-one Error vulnerability in Hadrons Xfstt Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | 7.5 |
2003-08-27 | CVE-2003-0616 | Mcafee | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | 7.5 |
2003-08-27 | CVE-2003-0605 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. | 7.5 |
2003-08-27 | CVE-2003-0546 | Redhat | Unspecified vulnerability in Redhat Up2Date 3.0.71/3.1.231 up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised. | 7.5 |
2003-08-27 | CVE-2003-0532 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. | 7.5 |
2003-08-27 | CVE-2003-0531 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. | 7.5 |
2003-08-27 | CVE-2003-0530 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. | 7.5 |
2003-08-27 | CVE-2003-0353 | Microsoft | Buffer Overflow vulnerability in Microsoft Data Access Components ODBC Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | 7.5 |
2003-08-27 | CVE-2003-0346 | Microsoft | Unspecified vulnerability in Microsoft Directx Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. | 7.5 |
2003-08-27 | CVE-2003-0149 | Mcafee | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | 7.5 |
2003-08-27 | CVE-2003-0671 | Jeremy Elson | Unspecified vulnerability in Jeremy Elson Tcpflow Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated by the setuid program RunTCPFlow in Sustworks IPNetSentryX and IPNetMonitorX. | 7.2 |
2003-08-27 | CVE-2003-0655 | Cdrtools | Local Security vulnerability in Cdrtools 2.0/2.0.3 rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges. | 7.2 |
2003-08-27 | CVE-2003-0649 | Xpcd | Unspecified vulnerability in Xpcd Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable. | 7.2 |
2003-08-27 | CVE-2003-0631 | Vmware | Local Security vulnerability in Workstation VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. | 7.2 |
2003-08-27 | CVE-2003-0609 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. | 7.2 |
2003-08-27 | CVE-2003-0597 | SCO | Unspecified vulnerability in SCO Openserver 5.0.6/5.0.7 Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. | 7.2 |
2003-08-27 | CVE-2003-0232 | Microsoft | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | 7.2 |
2003-08-27 | CVE-2003-0230 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | 7.2 |
2003-08-27 | CVE-2003-0148 | Mcafee | Unspecified vulnerability in Mcafee Epolicy Orchestrator The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | 7.2 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-08-27 | CVE-2003-0602 | Mozilla | Local Dependency Graph HTML Injection vulnerability in Bugzilla Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. | 6.8 |
2003-08-27 | CVE-2003-0677 | Cisco | Denial-Of-Service vulnerability in Cisco Webns 5.00.038S Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." | 5.0 |
2003-08-27 | CVE-2003-0676 | SUN | Directory Traversal vulnerability in SUN Iplanet Directory Server and ONE Directory Server Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences. | 5.0 |
2003-08-27 | CVE-2003-0653 | Netbsd | Denial-Of-Service vulnerability in NetBSD The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets. | 5.0 |
2003-08-27 | CVE-2003-0639 | Novell | Remote Security vulnerability in Novell Ichain 2.1 Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | 5.0 |
2003-08-27 | CVE-2003-0635 | Novell | Remote Security vulnerability in Novell Ichain 2.2 Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. | 5.0 |
2003-08-27 | CVE-2003-0633 | Oracle | Information Disclosure vulnerability in Oracle Applications and E-Business Suite Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | 5.0 |
2003-08-27 | CVE-2003-0619 | Linux | Unspecified vulnerability in Linux Kernel Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. | 5.0 |
2003-08-27 | CVE-2003-0610 | Mcafee | Unspecified vulnerability in Mcafee Epolicy Orchestrator 3.0 Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | 5.0 |
2003-08-27 | CVE-2003-0576 | SGI | Unspecified vulnerability in SGI Irix Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | 5.0 |
2003-08-27 | CVE-2003-0562 | Novell | Unspecified vulnerability in Novell Netware 5.1/6.0 Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. | 5.0 |
2003-08-27 | CVE-2003-0552 | Redhat | Remote Security vulnerability in Redhat Linux 2.4.2 Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. | 5.0 |
2003-08-27 | CVE-2003-0551 | Redhat | Denial-Of-Service vulnerability in Redhat Linux 2.4.2 The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. | 5.0 |
2003-08-27 | CVE-2003-0550 | Redhat | Remote Security vulnerability in Redhat Linux 2.4.2 The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. | 5.0 |
2003-08-27 | CVE-2003-0549 | Gnome Redhat | Denial-Of-Service vulnerability in Kdebase The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | 5.0 |
2003-08-27 | CVE-2003-0548 | Gnome Redhat | Denial-Of-Service vulnerability in Kdebase The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | 5.0 |
2003-08-27 | CVE-2003-0540 | Wietse Venema Conectiva | Denial of Service vulnerability in Multiple Postfix The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. | 5.0 |
2003-08-27 | CVE-2003-0525 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0 The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. | 5.0 |
2003-08-27 | CVE-2003-0512 | Cisco | Cryptographic Issues vulnerability in Cisco IOS Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | 5.0 |
2003-08-27 | CVE-2003-0511 | Cisco | Unspecified vulnerability in Cisco IOS The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. | 5.0 |
2003-08-27 | CVE-2003-0468 | Wietse Venema Conectiva | Denial of Service vulnerability in Multiple Postfix Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks against other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. | 5.0 |
2003-08-27 | CVE-2003-0467 | Linux | Unspecified vulnerability in Linux Kernel 2.4.20/2.4.21 Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. | 5.0 |
2003-08-27 | CVE-2003-0459 | KDE Redhat | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | 5.0 |
2003-08-27 | CVE-2003-0425 | Apple | Unspecified vulnerability in Apple Darwin Streaming Server 4.1.3 Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... | 5.0 |
2003-08-27 | CVE-2003-0424 | Apple | Unspecified vulnerability in Apple Darwin Streaming Server 4.1.3 Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . | 5.0 |
2003-08-27 | CVE-2003-0423 | Apple | Unspecified vulnerability in Apple Darwin Streaming Server 4.1.3 parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | 5.0 |
2003-08-27 | CVE-2003-0422 | Apple | Unspecified vulnerability in Apple Darwin Streaming Server 4.1.3 Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. | 5.0 |
2003-08-27 | CVE-2003-0231 | Microsoft | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | 5.0 |
2003-08-27 | CVE-2003-0187 | Linux | Unspecified vulnerability in Linux Kernel 2.4.20 The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. | 5.0 |
2003-08-27 | CVE-2002-1566 | Netris | Remote Memory Corruption vulnerability in Netris 0.3/0.4/0.5 netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284. | 5.0 |
2003-08-27 | CVE-2003-0652 | Xtokkaetama | Local Security vulnerability in Xtokkaetama 1.0B6 Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611. | 4.6 |
2003-08-27 | CVE-2003-0645 | Andries Brouwer | Unspecified vulnerability in Andries Brouwer MAN 2.3.20/2.4.1 man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges. | 4.6 |
2003-08-27 | CVE-2003-0641 | Watchguard | Unspecified vulnerability in Watchguard Serverlock 2.0/2.0.1/2.0.2 WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | 4.6 |
2003-08-27 | CVE-2003-0620 | Andries Brouwer | Unspecified vulnerability in Andries Brouwer MAN Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. | 4.6 |
2003-08-27 | CVE-2003-0617 | Hugo Rabson | Unspecified vulnerability in Hugo Rabson Mindi 0.58R5 mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | 4.6 |
2003-08-27 | CVE-2003-0613 | Zblast | Local Security vulnerability in zblast Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | 4.6 |
2003-08-27 | CVE-2003-0611 | Xtokkaetama | Buffer Overflow vulnerability in Xtokkaetama 1.0B6 Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable. | 4.6 |
2003-08-27 | CVE-2003-0606 | Cvsup SUP | sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | 4.6 |
2003-08-27 | CVE-2003-0464 | Redhat | Local Security vulnerability in Linux The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. | 4.6 |
2003-08-27 | CVE-2003-0615 | CGI PM Openpkg Debian | Cross-Site Scripting vulnerability in CGI.pm Start_Form Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. | 4.3 |
2003-08-27 | CVE-2003-0614 | Gallery Project | Unspecified vulnerability in Gallery Project Gallery Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. | 4.3 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-08-27 | CVE-2003-0596 | Fdclone | Unspecified vulnerability in Fdclone 2.00A FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time. | 3.6 |
2003-08-27 | CVE-2003-0679 | SGI | Unspecified vulnerability in SGI Irix Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files. | 2.1 |
2003-08-27 | CVE-2003-0670 | Sustainable Softworks | Local Security vulnerability in Sustainable Softworks Ipnetmonitorx and Ipnetsentryx Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow. | 2.1 |
2003-08-27 | CVE-2003-0656 | Eroaster | Unspecified vulnerability in Eroaster 2.0.0/2.1.0/2.2.0 eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile. | 2.1 |
2003-08-27 | CVE-2003-0642 | Watchguard | Unspecified vulnerability in Watchguard Serverlock WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory. | 2.1 |
2003-08-27 | CVE-2003-0603 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. | 2.1 |
2003-08-27 | CVE-2003-0547 | Gnome Redhat | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | 2.1 |
2003-08-27 | CVE-2003-0461 | Redhat | Unspecified vulnerability in Redhat Linux /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. | 2.1 |
2003-08-27 | CVE-2003-0669 | SUN | Denial-Of-Service vulnerability in Solaris Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users. | 1.2 |
2003-08-27 | CVE-2003-0462 | Mandrakesoft Linux | A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | 1.2 |