Weekly Vulnerabilities Reports > September 22 to 28, 2003
Overview
14 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 11 vendors including Sane, Microsoft, Oracle, Openbsd, and Digium. Vulnerabilities are notably categorized as .
- 13 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- Sane has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-09-22 | CVE-2003-0722 | SUN | Remote Administrative Access vulnerability in Sun Solaris SAdmin Client Credentials The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. | 10.0 |
| 2003-09-22 | CVE-2003-0693 | Openbsd | Unspecified vulnerability in Openbsd Openssh A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. | 10.0 |
| 2003-09-22 | CVE-2003-0780 | Mysql Oracle Conectiva | Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. | 9.0 |
5 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-09-22 | CVE-2003-0779 | Digium | Unspecified vulnerability in Digium Asterisk SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. | 7.5 |
| 2003-09-22 | CVE-2003-0776 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences. | 7.5 |
| 2003-09-22 | CVE-2003-0774 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed. | 7.5 |
| 2003-09-22 | CVE-2003-0773 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf. | 7.5 |
| 2003-09-22 | CVE-2003-0770 | Ikonboard COM | Remote Security vulnerability in Ikonboard 3.1.1/3.1.2A FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement. | 7.5 |
6 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-09-22 | CVE-2003-0768 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Asp.Net 1.1 Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | 6.8 |
| 2003-09-22 | CVE-2003-0778 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | 5.0 |
| 2003-09-22 | CVE-2003-0777 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | 5.0 |
| 2003-09-22 | CVE-2003-0775 | Sane | Remote vulnerability in Multiple Sane Package saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash). | 5.0 |
| 2003-09-22 | CVE-2003-0771 | Apache Gallery | Local Security vulnerability in Apache Gallery Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. | 4.6 |
| 2003-09-22 | CVE-2003-0769 | Mirabilis | Unspecified vulnerability in Mirabilis ICQ 2003Abuild3777/2003Abuild3799/2003Abuild3800 Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. | 4.3 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|