Weekly Vulnerabilities Reports > January 5 to 11, 2004
Overview
23 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 44 products from 17 vendors including Cisco, Broadcom, Freescripts, Microsoft, and Linux. Vulnerabilities are notably categorized as "NULL Pointer Dereference", "Origin Validation Error", and "Improper Input Validation".
- 18 reported vulnerabilities are remotely exploitable.
- 23 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-01-05 | CVE-2003-1003 | Cisco | Improper Input Validation vulnerability in Cisco PIX Firewall and PIX Firewall Software Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | 7.8 |
2004-01-05 | CVE-2003-1013 | Ethereal | NULL Pointer Dereference vulnerability in Ethereal The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference. | 7.5 |
2004-01-05 | CVE-2003-1000 | Xchat | NULL Pointer Dereference vulnerability in Xchat 2.0.6 xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | 7.5 |
2004-01-05 | CVE-2003-0995 | Microsoft | Denial-Of-Service vulnerability in Windows 2000 Datacenter Server Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request. | 7.5 |
2004-01-05 | CVE-2003-0983 | Cisco | Remote Security vulnerability in Cisco products Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network. | 7.5 |
2004-01-05 | CVE-2003-0982 | Cisco | Remote Buffer Overrun vulnerability in Cisco ACNS Authentication Library Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password. | 7.5 |
2004-01-05 | CVE-2003-0978 | GNU | Unspecified vulnerability in GNU Privacy Guard Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. | 7.5 |
2004-01-05 | CVE-2003-0977 | CVS Slackware | CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. | 7.5 |
2004-01-05 | CVE-2003-0963 | Alexander V Lukyanov | Unspecified vulnerability in Alexander V. Lukyanov Lftp Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands. | 7.5 |
2004-01-05 | CVE-2003-0999 | SUN | Local Security vulnerability in Solaris Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files. | 7.2 |
12 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-01-05 | CVE-2003-0981 | Freescripts | Origin Validation Error vulnerability in Freescripts Visitorbook LE FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | 6.1 |
2004-01-05 | CVE-2003-1020 | Irssi Mandrakesoft | Denial-Of-Service vulnerability in irssi The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). | 5.0 |
2004-01-05 | CVE-2003-1017 | Macromedia | Unspecified vulnerability in Macromedia Director and Flash Player Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. | 5.0 |
2004-01-05 | CVE-2003-1004 | Cisco | Denial-Of-Service vulnerability in Cisco PIX Firewall and PIX Firewall Software Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. | 5.0 |
2004-01-05 | CVE-2003-1002 | Cisco | Denial-Of-Service vulnerability in Catalyst 7600 Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | 5.0 |
2004-01-05 | CVE-2003-1001 | Cisco | Denial-Of-Service vulnerability in Catalyst 7600 Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. | 5.0 |
2004-01-05 | CVE-2003-0997 | Broadcom | Unspecified vulnerability in Broadcom Unicenter Remote Control Host 6.0 Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service). | 5.0 |
2004-01-05 | CVE-2003-0979 | Freescripts | Remote Security vulnerability in Freescripts Visitorbook LE FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable. | 5.0 |
2004-01-05 | CVE-2003-0998 | Broadcom CA | Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account. | 4.6 |
2004-01-05 | CVE-2003-0996 | Broadcom | Unspecified vulnerability in Broadcom Unicenter Remote Control Host 6.0 Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface. | 4.6 |
2004-01-05 | CVE-2003-0984 | Linux | Unspecified vulnerability in Linux Kernel Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | 4.6 |
2004-01-05 | CVE-2003-0980 | Freescripts | Cross-Site Scripting vulnerability in Freescripts Visitorbook LE Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-01-10 | CVE-2004-1000 | Debian | Unspecified vulnerability in Debian Lintian 1.20.17.1 lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | 2.1 |