Weekly Vulnerabilities Reports > December 1 to 7, 2003

Overview

18 new vulnerabilities were reported during this period, including 1 critical vulnerability and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 21 products from 13 vendors including BEA, Ethereal Group, Cisco, Openssl, and Apple. Vulnerabilities are notably categorized as and "Cross-site Scripting".

  • 13 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • BEA has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Hylafax has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-01 CVE-2003-0886 Hylafax Unspecified vulnerability in Hylafax

Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.

10.0

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-01 CVE-2003-0927 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.

7.5
2003-12-01 CVE-2003-0925 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.

7.5
2003-12-01 CVE-2003-0834 SCO Local Buffer Overflow vulnerability in SCO Open Unix and Unixware

Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.

7.2

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-01 CVE-2003-0935 NET Snmp Unspecified vulnerability in Net-Snmp

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.

6.4
2003-12-01 CVE-2003-0926 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.

5.0
2003-12-01 CVE-2003-0851 Cisco, Openssl Remote Denial Of Service vulnerability in OpenSSL ASN.1 Large Recursion

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

5.0
2003-12-01 CVE-2003-0788 Easy Software Products Denial Of Service vulnerability in Cups Internet Printing Protocol Job Loop

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

5.0
2003-12-01 CVE-2003-0622 BEA Unspecified vulnerability in BEA Tuxedo and Weblogic Server

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.

5.0
2003-12-01 CVE-2003-0621 BEA Unspecified vulnerability in BEA Tuxedo and Weblogic Server

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

5.0
2003-12-01 CVE-2003-0565

Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.

5.0
2003-12-01 CVE-2003-0564 Hitachi Denial of Service vulnerability in Hitachi products

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.

5.0
2003-12-01 CVE-2003-0934 Symbol Technologies Unspecified vulnerability in Symbol Technologies PDT 8100

Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network.

4.6
2003-12-01 CVE-2003-0933 Conquest Unspecified vulnerability in Conquest 7.1.16

Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable.

4.6
2003-12-01 CVE-2003-0913 Apple Unauthorized Access vulnerability in Apple MacOS X Terminal

Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."

4.6
2003-12-01 CVE-2003-0624 BEA Cross-Site Scripting vulnerability in BEA Weblogic Server

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

4.3
2003-12-01 CVE-2003-0623 BEA Unspecified vulnerability in BEA Tuxedo and Weblogic Server

Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-03 CVE-2003-1058 SUN Unspecified vulnerability in SUN Solaris and Sunos

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

3.7