Weekly Vulnerabilities Reports > October 6 to 12, 2003

Overview

22 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 30 products from 21 vendors including IBM, Openbsd, Nokia, Apple, and HP. Vulnerabilities are notably categorized as and "Cross-site Scripting".

  • 17 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 22 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-10-06 CVE-2003-0784 IBM Unspecified vulnerability in IBM AIX 4.3.3/5.1/5.2

Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.

10.0
2003-10-06 CVE-2003-0694 Sendmail
SGI
Apple
Compaq
Freebsd
Gentoo
HP
IBM
Netbsd
SUN
Turbolinux
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
10.0
2003-10-06 CVE-2003-0690 KDE Unspecified vulnerability in KDE

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

10.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-10-07 CVE-2003-0791 Mozilla
SCO
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
7.5
2003-10-06 CVE-2003-0826 GNU Unspecified vulnerability in GNU LSH 1.4/1.4.1/1.4.2

lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

7.5
2003-10-06 CVE-2003-0805 University OF Minnesota Unspecified vulnerability in University of Minnesota Gopherd

Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.

7.5
2003-10-06 CVE-2003-0803 Nokia Remote Security vulnerability in Nokia Electronic Documentation 5.0

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.

7.5
2003-10-06 CVE-2003-0785 Brian Bassett Unspecified vulnerability in Brian Bassett Ipmasq 3.5.10

ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.

7.5
2003-10-06 CVE-2003-0695 Openbsd Unspecified vulnerability in Openbsd Openssh

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

7.5
2003-10-06 CVE-2003-0692 KDE Unspecified vulnerability in KDE

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

7.5
2003-10-06 CVE-2003-0682 Openbsd Remote Security vulnerability in OpenSSH

"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

7.5
2003-10-06 CVE-2003-0681 Sendmail
Apple
Gentoo
HP
IBM
Netbsd
Openbsd
Turbolinux
Buffer Overflow vulnerability in Sendmail Ruleset Parsing

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5
2003-10-06 CVE-2003-0680 SGI Unspecified vulnerability in SGI Irix 6.5.21/6.5.21F/6.5.21M

Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.

7.5
2003-10-06 CVE-2003-0783 Yongguang Zhang Buffer Overflow vulnerability in Yongguang Zhang Hztty 2.0

Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.

7.2
2003-10-06 CVE-2003-0759 IBM Buffer Overflow vulnerability in IBM DB2 Universal Database 7.2

Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.

7.2
2003-10-06 CVE-2003-0758 IBM Buffer Overflow vulnerability in IBM DB2 Universal Database 7.2

Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.

7.2
2003-10-06 CVE-2003-0742 SCO Local Security vulnerability in Openserver 5.0.5/5.0.6/5.0.7

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

7.2
2003-10-06 CVE-2003-0697 IBM Denial-Of-Service vulnerability in IBM AIX 4.3/5.1/5.2

Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.

7.2

4 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-10-06 CVE-2002-1567 Apache Cross-Site Scripting vulnerability in Apache Tomcat 4.1.0

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

6.8
2003-10-06 CVE-2003-0827 IBM Denial-Of-Service vulnerability in IBM DB2 Universal Database 7.1/7.2

The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.

5.0
2003-10-06 CVE-2003-0802 Nokia Remote Security vulnerability in Nokia Electronic Documentation 5.0

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of .

5.0
2003-10-06 CVE-2003-0801 Nokia Cross-Site Scripting vulnerability in Nokia Electronic Documentation 5.0

Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS