Weekly Vulnerabilities Reports > November 3 to 9, 2003

Overview

27 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 18 products from 16 vendors including Apple, Apache, Thwboard, Network Instruments, and Oracle. Vulnerabilities are notably categorized as and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 20 reported vulnerabilities are remotely exploitables.
  • 27 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-11-04 CVE-2003-1144 Perception Buffer Overflow vulnerability in Perception LiteServe Server Log

Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.

10.0
2003-11-03 CVE-2003-1192 Truenorth Software Buffer Overrun vulnerability in IA WebMail Server Long GET Request

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.

10.0
2003-11-03 CVE-2003-1142 Network Instruments Privilege Escalation vulnerability in Network Instruments NIPrint LDP-LPR

Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.

10.0
2003-11-03 CVE-2003-0789 Apache Unspecified vulnerability in Apache Http Server

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

10.0

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-11-03 CVE-2003-0855 Charles Kerr Unspecified vulnerability in Charles Kerr PAN

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.

7.8
2003-11-04 CVE-2003-1141 Network Instruments Remote Buffer Overrun vulnerability in Network Instruments Niprint Lpd-Lpr Print Server 4.10

Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.

7.5
2003-11-03 CVE-2003-1196 Vienuke SQL Injection vulnerability in Vienuke Vieboard 2.6/2.6Beta1

SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2003-11-03 CVE-2003-1193 Oracle SQL Injection vulnerability in Oracle9iAS Portal Component

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

7.5
2003-11-03 CVE-2003-1185 Thwboard SQL Injection vulnerability in ThWboard

Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.

7.5
2003-11-03 CVE-2003-0901 Postgresql Buffer Overflow vulnerability in PostgreSQL To_Ascii()

Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.

7.5
2003-11-03 CVE-2003-0899 Acme Labs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Acme Labs Thttpd

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

7.5
2003-11-03 CVE-2003-0881 Apple Remote Security vulnerability in Mac OS X

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

7.5
2003-11-03 CVE-2003-0871 Apple Apple Quicktime Java vulnerability in Apple Mac OS X 10.3

Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."

7.5
2003-11-03 CVE-2003-0683 SGI Unspecified vulnerability in SGI Irix 6.5.21F/6.5.21M

NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.

7.5
2003-11-03 CVE-2002-1570 UCD Snmp Remote Heap Overflow vulnerability in Net-SNMP snmpnetstat

Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array.

7.5
2003-11-03 CVE-2003-0542 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Http Server

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

7.2

9 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-11-03 CVE-2003-1182 MPM Cross-Site Scripting vulnerability in MPM Guestbook 1.2

Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

6.8
2003-11-03 CVE-2003-1145 Openautoclassifieds Cross-Site Scripting vulnerability in OpenAutoClassifieds Listing Parameter

Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.

6.8
2003-11-03 CVE-2003-0882 Apple Remote Security vulnerability in Mac OS X

Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.

5.0
2003-11-03 CVE-2003-0895 Apple Buffer Overrun vulnerability in MacOS X Long Argv Value Kernel

Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).

4.6
2003-11-03 CVE-2003-0883 Apple Local Security vulnerability in Apple mac OS X 10.3

The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.

4.6
2003-11-03 CVE-2003-0880 Apple Local Security vulnerability in Mac OS X

Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.

4.6
2003-11-03 CVE-2003-0877 Apple Symbolic Link vulnerability in Apple Mac OS X Core File

Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.

4.6
2003-11-03 CVE-2003-1190 Phprecipebook Cross-Site Scripting/HTML Injection vulnerability in PHPRecipeBook

Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.

4.3
2003-11-03 CVE-2003-1184 Thwboard Cross-Site Scripting vulnerability in ThWboard

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-11-03 CVE-2003-0878 Apple Local Security vulnerability in Mac OS X

slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.

2.1
2003-11-03 CVE-2003-0876 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

2.1