Weekly Vulnerabilities Reports > November 3 to 9, 2003
Overview
25 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 15 vendors including Apple, Thwboard, Network Instruments, Postgresql, and Oracle. Vulnerabilities are notably categorized as and "Incorrect Calculation of Buffer Size".
- 19 reported vulnerabilities are remotely exploitables.
- 25 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Acme has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-11-04 | CVE-2003-1144 | Perception | Buffer Overflow vulnerability in Perception LiteServe Server Log Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name. | 10.0 |
| 2003-11-03 | CVE-2003-1192 | Truenorth Software | Buffer Overrun vulnerability in IA WebMail Server Long GET Request Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. | 10.0 |
| 2003-11-03 | CVE-2003-1142 | Network Instruments | Privilege Escalation vulnerability in Network Instruments NIPrint LDP-LPR Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. | 10.0 |
| 2003-11-03 | CVE-2003-0899 | Acme | Incorrect Calculation of Buffer Size vulnerability in Acme Thttpd 2.21/2.22/2.23 Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. | 9.8 |
10 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-11-03 | CVE-2003-0855 | Charles Kerr | Unspecified vulnerability in Charles Kerr PAN Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address. | 7.8 |
| 2003-11-04 | CVE-2003-1141 | Network Instruments | Remote Buffer Overrun vulnerability in Network Instruments Niprint Lpd-Lpr Print Server 4.10 Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515. | 7.5 |
| 2003-11-03 | CVE-2003-1196 | Vienuke | SQL Injection vulnerability in Vienuke Vieboard 2.6/2.6Beta1 SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
| 2003-11-03 | CVE-2003-1193 | Oracle | SQL Injection vulnerability in Oracle9iAS Portal Component Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | 7.5 |
| 2003-11-03 | CVE-2003-1185 | Thwboard | SQL Injection vulnerability in ThWboard Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php. | 7.5 |
| 2003-11-03 | CVE-2003-0901 | Postgresql | Buffer Overflow vulnerability in PostgreSQL To_Ascii() Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. | 7.5 |
| 2003-11-03 | CVE-2003-0881 | Apple | Remote Security vulnerability in Mac OS X Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password. | 7.5 |
| 2003-11-03 | CVE-2003-0871 | Apple | Apple Quicktime Java vulnerability in Apple Mac OS X 10.3 Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | 7.5 |
| 2003-11-03 | CVE-2003-0683 | SGI | Unspecified vulnerability in SGI Irix 6.5.21F/6.5.21M NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. | 7.5 |
| 2003-11-03 | CVE-2002-1570 | UCD Snmp | Remote Heap Overflow vulnerability in Net-SNMP snmpnetstat Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. | 7.5 |
9 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-11-03 | CVE-2003-1182 | MPM | Cross-Site Scripting vulnerability in MPM Guestbook 1.2 Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | 6.8 |
| 2003-11-03 | CVE-2003-1145 | Openautoclassifieds | Cross-Site Scripting vulnerability in OpenAutoClassifieds Listing Parameter Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter. | 6.8 |
| 2003-11-03 | CVE-2003-0882 | Apple | Remote Security vulnerability in Mac OS X Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. | 5.0 |
| 2003-11-03 | CVE-2003-0895 | Apple | Buffer Overrun vulnerability in MacOS X Long Argv Value Kernel Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]). | 4.6 |
| 2003-11-03 | CVE-2003-0883 | Apple | Local Security vulnerability in Apple mac OS X 10.3 The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system. | 4.6 |
| 2003-11-03 | CVE-2003-0880 | Apple | Local Security vulnerability in Mac OS X Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. | 4.6 |
| 2003-11-03 | CVE-2003-0877 | Apple | Symbolic Link vulnerability in Apple Mac OS X Core File Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory. | 4.6 |
| 2003-11-03 | CVE-2003-1190 | Phprecipebook | Cross-Site Scripting/HTML Injection vulnerability in PHPRecipeBook Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe. | 4.3 |
| 2003-11-03 | CVE-2003-1184 | Thwboard | Cross-Site Scripting vulnerability in ThWboard Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs." | 4.3 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-11-03 | CVE-2003-0878 | Apple | Local Security vulnerability in Mac OS X slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875. | 2.1 |
| 2003-11-03 | CVE-2003-0876 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. | 2.1 |