Weekly Vulnerabilities Reports > January 5 to 11, 2004

Overview

23 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 44 products from 17 vendors including Cisco, Broadcom, Freescripts, Linux, and Microsoft. Vulnerabilities are notably categorized as "NULL Pointer Dereference", "Origin Validation Error", and "Improper Input Validation".

  • 18 reported vulnerabilities are remotely exploitable.
  • 23 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 6 reported vulnerabilities.

Summary counts (table headers recovered from the page; counts taken from the overview and the section totals below, columns with no count on the page marked as not given):

Total vulnerabilities: 23 | Critical risk: 0 | High risk: 10 | Medium risk: 12 | Low risk: 1 | Remotely exploitable: 18 | Locally exploitable: not given | Exploit available: not given | Exploitable anonymously: 23 | Affecting web application: not given

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

10 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-01-05 CVE-2003-1003 Cisco Improper Input Validation vulnerability in Cisco PIX Firewall and PIX Firewall Software

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.

7.8
2004-01-05 CVE-2003-1013 Ethereal NULL Pointer Dereference vulnerability in Ethereal

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

7.5
2004-01-05 CVE-2003-1000 Xchat NULL Pointer Dereference vulnerability in Xchat 2.0.6

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

7.5
2004-01-05 CVE-2003-0995 Microsoft Denial-Of-Service vulnerability in Windows 2000 Datacenter Server

Buffer overflow in the Microsoft Message Queue Manager (MSMQ) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.

7.5
2004-01-05 CVE-2003-0983 Cisco Remote Security vulnerability in Cisco products

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.

7.5
2004-01-05 CVE-2003-0982 Cisco Remote Buffer Overrun vulnerability in Cisco ACNS Authentication Library

Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.

7.5
2004-01-05 CVE-2003-0978 GNU Unspecified vulnerability in GNU Privacy Guard

Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.

7.5
2004-01-05 CVE-2003-0977 CVS, Slackware

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

7.5
2004-01-05 CVE-2003-0963 Alexander V Lukyanov Unspecified vulnerability in Alexander V. Lukyanov Lftp

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.

7.5
2004-01-05 CVE-2003-0999 SUN Local Security vulnerability in Solaris

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

7.2

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-01-05 CVE-2003-0981 Freescripts Origin Validation Error vulnerability in Freescripts Visitorbook LE

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.

6.1
2004-01-05 CVE-2003-1020 Irssi, Mandrakesoft Denial-Of-Service vulnerability in irssi

The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).

5.0
2004-01-05 CVE-2003-1017 Macromedia Unspecified vulnerability in Macromedia Director and Flash Player

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.

5.0
2004-01-05 CVE-2003-1004 Cisco Denial-Of-Service vulnerability in Cisco PIX Firewall and PIX Firewall Software

Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.

5.0
2004-01-05 CVE-2003-1002 Cisco Denial-Of-Service vulnerability in Catalyst 7600

Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.

5.0
2004-01-05 CVE-2003-1001 Cisco Denial-Of-Service vulnerability in Catalyst 7600

Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.

5.0
2004-01-05 CVE-2003-0997 Broadcom Unspecified vulnerability in Broadcom Unicenter Remote Control Host 6.0

Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).

5.0
2004-01-05 CVE-2003-0979 Freescripts Remote Security vulnerability in Freescripts Visitorbook LE

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.

5.0
2004-01-05 CVE-2003-0998 Broadcom, CA

Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.

4.6
2004-01-05 CVE-2003-0996 Broadcom Unspecified vulnerability in Broadcom Unicenter Remote Control Host 6.0

Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.

4.6
2004-01-05 CVE-2003-0984 Linux Unspecified vulnerability in Linux Kernel

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

4.6
2004-01-05 CVE-2003-0980 Freescripts Cross-Site Scripting vulnerability in Freescripts Visitorbook LE

Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) the "user" parameter from a host with a malicious reverse DNS name, or (3) quote marks or ampersands in other parameters.

4.3
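The three VisitorBook LE entries in this report (CVE-2003-0981, CVE-2003-0979 and CVE-2003-0980) share one root cause: attacker-supplied text (the email field, the comment body, and the client's reverse DNS name) reaches a mail header, the flat-file guestbook database and the rendered page without being checked or escaped. The Python below is an added example written for this report, not VisitorBook's own Perl code; MAX_POSTS, the tab-separated record layout and the function names are assumptions standing in for the script's $max_posts variable and its real file format.

```python
# Added example for the VisitorBook LE entries above; illustrative code, not
# the script's own. MAX_POSTS and the record layout are assumptions.
from __future__ import annotations

import html
import re

MAX_POSTS = 50  # stands in for the script's $max_posts; the value is assumed

# CR, LF and every other control character: none may appear on a header line
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

# DNS hostname grammar: labels of letters, digits and hyphens, <= 253 chars
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$"
)


def header_value_is_safe(value: str) -> bool:
    """True if value can sit on a single mail header line (CVE-2003-0979, item 1).

    A CR or LF inside the poster's email field terminates the From: header
    the script is building and lets the poster append headers of their own
    (Bcc:, To:), which turns the notification mail into an open relay.
    """
    return _CTRL.search(value) is None


def build_notification(poster_email: str, comment: str, mail_to: str) -> str:
    """Assemble the admin notification. Values become a header only after
    passing header_value_is_safe; the comment is body text and never a header."""
    for value in (poster_email, mail_to):
        if not header_value_is_safe(value):
            raise ValueError("control character in mail header field")
    headers = [
        f"To: {mail_to}",
        f"From: {poster_email}",
        "Subject: New guestbook entry",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + comment


def encode_field(text: str) -> str:
    """Escape record and field separators so one post is always one record.

    CVE-2003-0979, item 2: the script used the raw line count of the database
    file as the post count, so a comment with thousands of embedded newlines
    pushed the genuine posts past $max_posts and the trim step deleted them.
    """
    return (text.replace("\\", "\\\\")
                .replace("\r", "\\r")
                .replace("\n", "\\n")
                .replace("\t", "\\t"))


def store_entry(db: list[str], name: str, comment: str, origin: str) -> list[str]:
    """Append one record, then drop the oldest beyond MAX_POSTS, counting records."""
    db.append("\t".join(encode_field(f) for f in (name, comment, origin)))
    del db[:-MAX_POSTS]  # empty slice while len(db) <= MAX_POSTS
    return db


def origin_for_log(client_ip: str, reverse_dns: str | None) -> str:
    """Origin string to record (CVE-2003-0981 and CVE-2003-0980, item 2).

    The PTR name is chosen by whoever controls the reverse zone for the
    client's address, so it proves nothing about origin and may carry HTML.
    The peer address the server actually saw is the origin; the name is an
    annotation only, kept solely when it matches the hostname grammar.
    """
    if reverse_dns and _HOSTNAME.match(reverse_dns):
        return f"{client_ip} ({reverse_dns})"
    return client_ip


def render_entry(name: str, comment: str, origin: str) -> str:
    """HTML for one entry (CVE-2003-0980, items 1 and 3): every value is
    escaped, with quotes and ampersands covered, before it reaches the page."""
    safe_name = html.escape(name, quote=True)
    safe_origin = html.escape(origin, quote=True)
    body = html.escape(comment, quote=True).replace("\n", "<br>")
    return f'<div class="entry"><b>{safe_name}</b> from {safe_origin}<br>{body}</div>'
```

The check on the mail field rejects all control characters rather than only CR and LF, because header folding and unfolding in some MTAs means a bare CR or LF, or a tab, can still be turned into a header boundary downstream. Recording the peer IP as the origin and treating the PTR name as a display annotation is what removes the spoofing: an attacker who controls their reverse zone can make the name say anything, but not the address the TCP connection came from.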

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-01-10 CVE-2004-1000 Debian Unspecified vulnerability in Debian Lintian 1.20.17.1

lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.

2.1