Weekly Vulnerabilities Reports > October 6 to 12, 2003
Overview
21 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 29 products from 20 vendors including IBM, Openbsd, Nokia, HP, and Apple. Vulnerabilities are notably categorized as "Cross-site Scripting" and "Deserialization of Untrusted Data".
- 16 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 21 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 7 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-10-06 | CVE-2003-0784 | IBM | Unspecified vulnerability in IBM AIX 4.3.3/5.1/5.2 Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. | 10.0 |
2003-10-06 | CVE-2003-0694 | Sendmail SGI Apple Compaq Freebsd Gentoo HP IBM Netbsd SUN Turbolinux | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | 10.0 |
2003-10-06 | CVE-2003-0690 | KDE | Unspecified vulnerability in KDE KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | 10.0 |
2003-10-07 | CVE-2003-0791 | Mozilla SCO | Deserialization of Untrusted Data vulnerability in multiple products The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | 9.8 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-10-06 | CVE-2003-0826 | GNU | Unspecified vulnerability in GNU LSH 1.4/1.4.1/1.4.2 lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | 7.5 |
2003-10-06 | CVE-2003-0805 | University OF Minnesota | Unspecified vulnerability in University of Minnesota Gopherd Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. | 7.5 |
2003-10-06 | CVE-2003-0803 | Nokia | Remote Security vulnerability in Nokia Electronic Documentation 5.0 Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | 7.5 |
2003-10-06 | CVE-2003-0785 | Brian Bassett | Unspecified vulnerability in Brian Bassett Ipmasq 3.5.10 ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. | 7.5 |
2003-10-06 | CVE-2003-0695 | Openbsd | Unspecified vulnerability in Openbsd Openssh Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. | 7.5 |
2003-10-06 | CVE-2003-0692 | KDE | Unspecified vulnerability in KDE KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. | 7.5 |
2003-10-06 | CVE-2003-0682 | Openbsd | Remote Security vulnerability in OpenSSH "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. | 7.5 |
2003-10-06 | CVE-2003-0681 | Sendmail Apple Gentoo HP IBM Netbsd Openbsd Turbolinux | Buffer Overflow vulnerability in Sendmail Ruleset Parsing A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | 7.5 |
2003-10-06 | CVE-2003-0680 | SGI | Unspecified vulnerability in SGI Irix 6.5.21/6.5.21F/6.5.21M Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions. | 7.5 |
2003-10-06 | CVE-2003-0783 | Yongguang Zhang | Buffer Overflow vulnerability in Yongguang Zhang Hztty 2.0 Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges. | 7.2 |
2003-10-06 | CVE-2003-0759 | IBM | Buffer Overflow vulnerability in IBM DB2 Universal Database 7.2 Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. | 7.2 |
2003-10-06 | CVE-2003-0758 | IBM | Buffer Overflow vulnerability in IBM DB2 Universal Database 7.2 Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. | 7.2 |
2003-10-06 | CVE-2003-0742 | SCO | Unspecified vulnerability in SCO Openserver 5.0.5/5.0.6/5.0.7 SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | 7.2 |
2003-10-06 | CVE-2003-0697 | IBM | Denial-Of-Service vulnerability in IBM AIX 4.3/5.1/5.2 Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. | 7.2 |
3 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-10-06 | CVE-2003-0827 | IBM | Denial-Of-Service vulnerability in IBM DB2 Universal Database 7.1/7.2 The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523. | 5.0 |
2003-10-06 | CVE-2003-0802 | Nokia | Remote Security vulnerability in Nokia Electronic Documentation 5.0 Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . | 5.0 |
2003-10-06 | CVE-2003-0801 | Nokia | Cross-Site Scripting vulnerability in Nokia Electronic Documentation 5.0 Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|