Weekly Vulnerabilities Reports > September 22 to 28, 2003

Overview

15 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 6 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 14 products from 13 vendors, including Sane, Microsoft, Progress, Digium, and Oracle. Vulnerabilities are notably categorized as .

  • 14 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities are exploitable by an anonymous user.
  • Sane has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-09-22 CVE-2003-0722 SUN Remote Administrative Access vulnerability in Sun Solaris SAdmin Client Credentials

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.

10.0
2003-09-22 CVE-2003-0693 Openbsd Unspecified vulnerability in Openbsd Openssh

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

10.0
2003-09-22 CVE-2003-0780 Mysql, Oracle, Conectiva

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

9.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-09-22 CVE-2003-0779 Digium Unspecified vulnerability in Digium Asterisk

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.

7.5
2003-09-22 CVE-2003-0776 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.

7.5
2003-09-22 CVE-2003-0774 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.

7.5
2003-09-22 CVE-2003-0773 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.

7.5
2003-09-22 CVE-2003-0772 Ipswitch, Progress Buffer Overrun vulnerability in Ipswitch WS_FTP Server FTP Command

Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.

7.5
2003-09-22 CVE-2003-0770 Ikonboard COM Remote Security vulnerability in Ikonboard 3.1.1/3.1.2A

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

7.5

6 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-09-22 CVE-2003-0768 Microsoft Cross-Site Scripting vulnerability in Microsoft Asp.Net 1.1

Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.

6.8
2003-09-22 CVE-2003-0778 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).

5.0
2003-09-22 CVE-2003-0777 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).

5.0
2003-09-22 CVE-2003-0775 Sane Remote vulnerability in Multiple Sane Package

saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).

5.0
2003-09-22 CVE-2003-0771 Apache Gallery Local Security vulnerability in Apache Gallery

Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.

4.6
2003-09-22 CVE-2003-0769 Mirabilis Cross-Site Scripting vulnerability in Mirabilis ICQ 2003Abuild3777/2003Abuild3799/2003Abuild3800

Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.

4.3

0 Low Vulnerabilities